Deploying to the cloud can often feel like juggling dozens of moving parts—manually clicking through the AWS console, hoping you didn’t miss a security checkbox, and praying that your staging environment matches your production.
That is why I moved my entire infrastructure to Terraform. By treating my infrastructure as code, I’ve turned a manual, error-prone process into a repeatable, automated, and—most importantly—understandable workflow.
In this post, I want to share how I’ve architected my booking application on AWS using Terraform.
The Architecture: A “Reverse Proxy” Approach
My goal was simple: create a fast, secure, and modern booking application. To achieve this, I use a combination of serverless technologies and a powerful CDN.
1. The Frontend: Amazon S3 & CloudFront
My website assets—the HTML, CSS, and JavaScript—live in an Amazon S3 bucket. However, I don’t serve them directly from S3. Instead, I use Amazon CloudFront, a global Content Delivery Network (CDN).
- The Connection: In my
frontend.tf, I define theaws_cloudfront_distributionresource. This connects to my S3 bucket via Origin Access Control (OAC), ensuring that only CloudFront can read my bucket files. This effectively makes the site globally fast while keeping my raw files private.
2. The Backend: API Gateway & Lambda
For the heavy lifting—like handling form submissions and managing bookings—I use Amazon API Gateway and AWS Lambda.
- The Connection: My
api_gateway.tffile defines the endpoints (like/bookingor/submit). It links these paths directly to my Lambda functions, which contain the business logic. Because it’s serverless, I don’t pay for idle servers—I only pay when a user actually interacts with my site.
3. The “Traffic Cop”: CloudFront Reverse Proxy
The secret sauce of this project is using CloudFront as a Reverse Proxy. Rather than forcing my frontend to make cross-domain API calls (which causes those annoying CORS headaches), I route both my frontend and my API through the same CloudFront domain.
- The Connection: In my
reverse_proxy.tf, I set upordered_cache_behaviorblocks. These blocks look at the URL path (e.g.,/booking*or/submit*) and intelligently route that request to my API Gateway instead of S3. - Why it matters: Because the browser sees everything as coming from one domain, the “same-origin” policy kicks in. CORS errors disappear, and the architecture becomes much more secure by hiding the raw API Gateway URL from the public.
Why Terraform is a Game-Changer
Writing this in Terraform means I have a “Single Source of Truth.” If I need to update my API Gateway stage or change how my site routes traffic, I don’t go hunting through the AWS console. I simply update my .tf files and run terraform apply.
Some of the key wins for me have been:
- Consistency: My
sandboxenvironment is a perfect mirror of what I’ll eventually deploy to production. - Transparency: I can share my configuration with others, and they can see exactly how the
api-gateway-policyinreverse_proxy.tfis constructed to handle headers. - Automation: I’ve even configured Terraform to dynamically inject my API URL into a
config.jsfile at deployment time, so my frontend always knows exactly where to find the backend.
Final Thoughts
Moving to Infrastructure as Code hasn’t just made my deployments faster; it’s made them smarter. By leveraging CloudFront as a reverse proxy, I’ve cleaned up my frontend code, eliminated CORS issues, and built a foundation that can scale.
If you’re still clicking buttons in the AWS console, I highly recommend giving Terraform a try. Your future self—and your deployment logs—will thank you!
Happy coding, and see you in the cloud!
Michael Clayton 