Junie Bonifacio

AWS S3 Static Web Hosting with Serverless Backend

• This website https://juniebonifacio.com is running on AWS S3 static website hosting backed by Route53 DNS, AWS Certificate Manager, and CloudFront for content delivery, and is powered by an AWS Serverless application backed by AWS Lambda, API Gateway, DynamoDB and S3, ‘built’ and ‘deployed’ both using SAM CLI and thru a DevOps pipeline i.e. via AWS CodeBuild and CodePipeline for automated deployment.

AWS Accounts

• Creating multiple General and Production AWS Accounts. Securing AWS Accounts setting up Multi-Factor Authentication (MFA). Using AWS Budgets to set custom budgets for tracking costs and usage of resources in an AWS account. Setting up alerts by email when actual or forecasted cost and usage exceed budgeted threshold.
• Using Amazon S3 to host a static website where individual web pages include static content. Also using this service to store developer codes before hosting them on virtual servers (EC2) for dynamic web apps.
• Securing S3 Static Website Hosting with https, requesting a publicly issued certificate using Amazon Certificate Manager (ACM) and setting up CloudFront Distribution from scratch, distributing the AWS S3 Static Website via CloudFront to improve performance and resiliency; Configuring CloudFront to use my own domain and setting up Route53 for that.
• Logging web traffic for a static website's S3 bucket by enabling server access logging
• Creating AWS Organization; create Management Account; creating Organizational Units for organizing accounts; Using Service Control Policies to retrict what identities within an AWS account can do
• Implementing IAM Role Switching on AWS Organizations
• Implementing an Organizational CloudTrail for account-wide auditing and API logging, configured for all regions and set to log global services events; set the trail to log to an S3 bucket and inject data into CloudWatch Logs

Simple Storage Service (S3)

• Creating and configuring a KMS Key, an Alias and we use that Key and the CLI tools to encrypt and decrypt data.
• Implementing S3 Server Side Encryption SSE-C, SSE-S3 (AES256), and SSE-KMS, and how to achieve role separation in SSE-KMS.
• Configuring Cross-Region Replication of an S3 Static Website.
• Setup of Amazon S3 presignedURL allowing access for any unauthenticated identities and go through interesting aspects of it.

Virtual Private Cloud (VPC)

• Designing a well-structured and scalable network inside AWS using a VPC. Performed VPC Sizing and Structure and creating an IP Plan for a business before creating a custom VPC based on infrastructure requirements.
• Creating a custom VPC based on an IP Plan, configuring structure, creating subnets, routes and other capabilities manually as per design, enabling the VPC for production activities.
• Using Amazon VPC to launch AWS resources in a logically isolated virtual network that I designed. Created a public and a private subnet, used the private subnet for databases to protect it from the internet and used the public subnet for web servers. Elastic Load Balancing was used to automatically distribute incoming application traffic across multiple targets.