Lessons learned from making a static website on aws S3

Point of this post

There are tons of fantastic tutorials on how to make a static website and this is not that. I'm simply sharing some anecdotal experience as a hobbyist on the why's and my lessons learned.

I'm a relatively new self-taught developer, so if you're new, I hope this can help you in your build journey.

Why make a site

I wanted to have a space to share information and move away from social media platforms. This little exercise was actually really helpful in letting me organize my thoughts from the ground up. I recommend it to anyone else that is trying to accomplish the same.

I've also been wanting to use what I learned from my aws training and get a DIY feeling out of it, so it was a perfect starter.

Static versus dynamic site

There are tons of options to host your own website. Most options like Wordpress, Wix and Squarespace don't require you to have any technical background in coding, so it's a great option for most. But since I wanted to get more hands-on, I moved to choosing between setting up a dynamic Wordpress site or a static S3 website.

Here are the key reasons I decided to go with a static S3 website instead of a dynamic website hosted on EC2 Wordpress instance:

• Cost - Hosting on S3 is cheaper than running an EC2 instance.
• Purpose - I'm purely sharing information and don't expect frequent changes.
• Scalability - S3 with CloudFront is resilient, redundant, and scalable without much work.
• Security - Most static sites have less attack surface. Learning as I go, so more on this below.

Lessons learned

As promised, here are some of the things I learned while building a simple static website. Unfortunately, most of these security considerations are not covered in entry level cloud courses.

• Security
• Enable Privacy Protection - To avoid information about yourself being disseminated, make sure privacy protection is enabled on your domain. In the case of aws, it's enabled by default.
• Reduce Attack Surfaces - Another factor in choosing a static website: no databases, no plug-ins, no additional software.
• Block Bots - Consider preventing bots from scraping or archiving your page. (ex. prevent archive.org bots)
• Separate Domain Registrar and Hosting - I'm actually not doing this now, but it's an important consideration for more control over your site.
• Enable HTTPS - Make sure you protect your user's connection to your site. You can do this fairly easily with CloudFront.
• Keep Private S3 Bucket - Most tutorials get you started with a public S3 bucket, but I wanted to keep mine private. You can have CloudFront communicate with a private S3 bucket. See here.
• Backup - This one is straight forward. Always have a backup of your static site somewhere, in case something happens.
• Aesthetics
• Remove .html - I want to remove the .html in my URLs but I'm still working through this one.

How-To's

There are fantastic resources on making a static website on S3 and I googled a ton. For reference, some notable resources below:

• W3Schools - I learned all of my html from w3schools.com and highly recommend this instead of taking a course.
• aws Doc - aws gives a fairly thorough step-by-step walkthrough. I recommend additional googling to supplement this.
• A Cloud Guru - I think it's absolutely worth it if you're learning about cloud from scratch.
• Some Dude's Blog - There are bunch of blogs, medium articles, etc. that cover this, too.

← Back