mikefrastructure


This project was an attempt to use everything I'd learned after 11 months as a Platform Engineer to create infrastructure for a static site that was cheaper, simpler, and better than the DigitalOcean droplet that existed before it.  

A secondary goal was to wind up with Terraform modules that I could use to quickly spin up static site hosting for businesses I offer consulting services to. Some examples of sites running on mikefrastructure are:  

  • plantcoshop.ca, a marketing site for an Etsy store selling common and rare plant trimmings.
  • alysia-lynn.com, a much prettier Gatsby-based landing page for an exceptional Front-End developer.

The main components of this infrastructure are:

AWS  


  • AWS Identity Center for human access via SSO
  • IAM roles, policies, and OIDC providers for programmatic access
  • S3 to host static site files
  • CloudFront
    • Distribution to securely and performantly serve the site.
    • Function to allow Hugo’s content to be served securely from an S3 bucket.
  • ACM for SSL certificate management
  • Route53 for DNS configuration
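
The CloudFront Function item above, sketched as an added example that is not the project's own code. It assumes the function is a viewer-request rewrite that maps Hugo's directory-style URLs to `index.html`, since the S3 REST endpoint used with a private bucket does not resolve directory indexes. `rewriteUri` and `sampleEvent` are hypothetical names.

```javascript
// Added example (assumption: viewer-request CloudFront Function; not from the project).
// Hugo publishes pages as <path>/index.html. Serving from a private bucket means
// using the S3 REST endpoint, which returns an error for "/posts/" instead of
// looking up "/posts/index.html", so the rewrite is done at the edge.

function rewriteUri(uri) {
  // Directory-style request: /posts/hello/ -> /posts/hello/index.html
  if (uri.endsWith('/')) {
    return uri + 'index.html';
  }
  // Last path segment has no file extension: /about -> /about/index.html
  var lastSegment = uri.substring(uri.lastIndexOf('/') + 1);
  if (lastSegment.indexOf('.') === -1) {
    return uri + '/index.html';
  }
  // Concrete asset (e.g. /css/main.css): pass through unchanged
  return uri;
}

// Entry point CloudFront invokes for each viewer request.
function handler(event) {
  var request = event.request;
  request.uri = rewriteUri(request.uri);
  return request;
}

// Constructed sample event, trimmed to the fields the function reads.
var sampleEvent = {
  version: '1.0',
  request: { method: 'GET', uri: '/posts/hello/', querystring: {}, headers: {} }
};
```

Because the rewrite happens before the origin request, the bucket can stay closed to the public and be read only by the distribution.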

Terraform Cloud  


  • Manage AWS and Terraform Cloud resources
  • Resource definitions written in HCL
  • Variable sets to share secrets between workspaces
  • Path-based remote execution for speculative plans, and merge-based “plan & apply” operations.

GitHub  


  • VCS.
  • Actions for linting, speculative plans, deployment to S3, and CloudFront invalidation
  • Issues to track planned improvements and fixes

Mike Morganti

Platform engineer and space dork


2023-07-03