Wednesday, January 21, 2026

AWS Capstone Project - 1 - Static Website Hosting

 

Host a secured static website on AWS 

  • Stage 1 [CloudInfra][DevSecOps]: Static Website hosted on Amazon S3   

  • Stage 2 [CloudInfra][DevSecOps] 

  • Static Website hosted on Amazon S3 routed with Amazon Route 53 & Amazon CloudFront with Amazon ACM for SSL.  

  • Ensure your website access logs are sent to an S3 bucket for centralized logging with prefix accesslogs/ 

  • Stage 3 [DevSecOps] 

  • Stage 2 + CI CD for deploying static websiteThe static site code should come from Github or AWS CodeCommit repository 

  • Send notification on successful deployment to specific email id 

  • Stage 4 [CloudInfra] 

  • Stage 2 to be implemented using Infrastructure as code.  

  • Maintain IaC code also in a separate Gitbub or AWS CodeCommit repository 

  • Ensure to parameterize as needed so that anyone can host their static website using the IaC code and spin-up any number of environments as needed. 

  • Stage 5 [DevSecOps]: Create IaC for your CI CD which will be used to deploy static website 

  • Stage 6 [DevSecOps]Create a trail in Amazon CloudTrail with only management event enabled and send logs to activitylogs/ in the centralized bucket 

  • Stage 7 [DevSecOps]If necessary, we can share the accesslogs and activitylogs to auditors. Understand and come-up how cross-account authentication works to share the logs with other aws account. 

 

AWS Services Used 

  • AWS IAM 

  • Amazon S3 

  • Amazon Route 53 

  • Amazon Certificate Manager 

  • Amazon CloudFront 

  • GitHub or AWS CodeCommit 

  • AWS CodePipeline or Jenkins 

  • Use AWS CloudFormation or Terraform for IaC 

  • Amazon CloudWatch and CloudTrail 

Best Practice 

  • Ensure to tag all the resources that you create. 

  • S3 root domain & logging bucket 

  • CloudFront Distribution 

  • Route 53 - Hosted Zone 

  • ACM - public certificate 

  •  

  • Create standard tag like TeamEnvironment (incase we want to host dev / test environments), owner and use them for resource grouping and cost analysis. 

Blog 

  • Write a blog on your implementation (optional)  

  • If you are skipping blog, capture high-level steps you followed 

Costing  

  • Forecast the cost of hosting this website 

  • How do you apply FinOps for this implementation (FinOps team can share their point of view) 

Security 

  • How security is embedded in the website hosting and CI CD 

Architecture 

  • Depict at each stage using an architectural diagram 

 

 

Special Instructions:  

  • Public SSL/TLS certificates provisioned through AWS Certificate Manager are free. We are not creating any private certificate authority for this exercise.  
    Refer AWS Certificate Manager Pricing for more details 

 

at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Azure Terraform Assignment – Lab

  A zure  Terraform   Assignment  – Lab    Scope   A scenario to solve a business problem   for A zure ,  draw architectural diagram, implem...

  • AWS Partner Tiers
      Services Path - tier guide Introduction This guide is intended to provide partner engaged in the AWS Services Path with prescriptive guida...
  • General Communication Guidelines
    Here is a general communication guideline.   Together, we all can learn, adapt, and get better at this.  Most of these points here are gener...
  • AWS Network Comp
      Dear All   A big congratulations to all of you for playing a crucial role in attaining AWS Network Competency. From the kick-off in early ...