Simplifying Cloud Infrastructure: My Journey to AWS with Terraform

Deploying to the cloud can often feel like juggling dozens of moving parts—manually clicking through the AWS console, hoping you didn’t miss a security checkbox, and praying that your staging environment matches your production.

That is why I moved my entire infrastructure to Terraform. By treating my infrastructure as code, I’ve turned a manual, error-prone process into a repeatable, automated, and—most importantly—understandable workflow.

In this post, I want to share how I’ve architected my booking application on AWS using Terraform.

The Architecture: A “Reverse Proxy” Approach

My goal was simple: create a fast, secure, and modern booking application. To achieve this, I use a combination of serverless technologies and a powerful CDN.

1. The Frontend: Amazon S3 & CloudFront

My website assets—the HTML, CSS, and JavaScript—live in an Amazon S3 bucket. However, I don’t serve them directly from S3. Instead, I use Amazon CloudFront, a global Content Delivery Network (CDN).

  • The Connection: In my frontend.tf, I define the aws_cloudfront_distribution resource. This connects to my S3 bucket via Origin Access Control (OAC), ensuring that only CloudFront can read my bucket files. This effectively makes the site globally fast while keeping my raw files private.
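
A sketch of that lockdown, added here as an illustration and not taken from the author's frontend.tf. The resource names, the bucket prefix and the distribution_arn variable are assumptions; the distribution's S3 origin would reference the OAC through origin_access_control_id.

```hcl
# Added example: names, bucket prefix and var.distribution_arn are assumptions.
variable "distribution_arn" { type = string } # ARN of the fronting distribution

resource "aws_s3_bucket" "assets" {
  bucket_prefix = "booking-assets-"
}

# Keep all public access off; CloudFront reads through the policy below.
resource "aws_s3_bucket_public_access_block" "assets" {
  bucket                  = aws_s3_bucket.assets.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Attached to the distribution's S3 origin via origin_access_control_id.
resource "aws_cloudfront_origin_access_control" "assets" {
  name                              = "booking-assets-oac"
  origin_access_control_origin_type = "s3"
  signing_behavior                  = "always"
  signing_protocol                  = "sigv4"
}

# OAC only signs requests; this policy is what grants and scopes the read access.
data "aws_iam_policy_document" "assets" {
  statement {
    sid       = "AllowCloudFrontReadOnly"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.assets.arn}/*"]
    principals {
      type        = "Service"
      identifiers = ["cloudfront.amazonaws.com"]
    }
    # Without this condition, any distribution in any account could read the bucket.
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceArn"
      values   = [var.distribution_arn]
    }
  }
}

resource "aws_s3_bucket_policy" "assets" {
  bucket = aws_s3_bucket.assets.id
  policy = data.aws_iam_policy_document.assets.json
}
```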

2. The Backend: API Gateway & Lambda

For the heavy lifting—like handling form submissions and managing bookings—I use Amazon API Gateway and AWS Lambda.

  • The Connection: My api_gateway.tf file defines the endpoints (like /booking or /submit). It links these paths directly to my Lambda functions, which contain the business logic. Because it’s serverless, I don’t pay for idle servers—I only pay when a user actually interacts with my site.

3. The “Traffic Cop”: CloudFront Reverse Proxy

The secret sauce of this project is using CloudFront as a Reverse Proxy. Rather than forcing my frontend to make cross-domain API calls (which causes those annoying CORS headaches), I route both my frontend and my API through the same CloudFront domain.

  • The Connection: In my reverse_proxy.tf, I set up ordered_cache_behavior blocks. These blocks look at the URL path (e.g., /booking* or /submit*) and intelligently route that request to my API Gateway instead of S3.
  • Why it matters: Because the browser sees everything as coming from one domain, API calls are same-origin requests and never trigger CORS checks. CORS errors disappear, and the architecture becomes much more secure by hiding the raw API Gateway URL from the public.
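
The path-based routing described above, as an added example that is not the author's reverse_proxy.tf. All variable and resource names are assumptions, as is the use of AWS-managed cache and origin request policies in place of the post's own api-gateway-policy; the origin request policy forwards viewer headers except Host, because API Gateway expects its own hostname there.

```hcl
# Added example: all names are assumptions. The data sources are AWS-managed policies.
variable "assets_domain" { type = string } # S3 bucket regional domain name
variable "assets_oac_id" { type = string } # Origin Access Control id
variable "api_domain" { type = string }    # <api-id>.execute-api.<region>.amazonaws.com
variable "api_stage" { type = string }     # API Gateway stage name
data "aws_cloudfront_cache_policy" "static" { name = "Managed-CachingOptimized" }
data "aws_cloudfront_cache_policy" "api" { name = "Managed-CachingDisabled" }
data "aws_cloudfront_origin_request_policy" "api" { name = "Managed-AllViewerExceptHostHeader" }
resource "aws_cloudfront_distribution" "site" {
  enabled = true
  origin {
    origin_id                = "assets"
    domain_name              = var.assets_domain
    origin_access_control_id = var.assets_oac_id
  }
  origin {
    origin_id   = "api"
    domain_name = var.api_domain
    origin_path = "/${var.api_stage}"
    custom_origin_config {
      http_port              = 80
      https_port             = 443
      origin_protocol_policy = "https-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }
  default_cache_behavior { # anything not matched below is a static file from S3
    target_origin_id       = "assets"
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    cache_policy_id        = data.aws_cloudfront_cache_policy.static.id
  }
  dynamic "ordered_cache_behavior" { # one behavior per API path from the post
    for_each = ["/booking*", "/submit*"]
    content {
      path_pattern             = ordered_cache_behavior.value
      target_origin_id         = "api"
      viewer_protocol_policy   = "https-only"
      allowed_methods          = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
      cached_methods           = ["GET", "HEAD"]
      cache_policy_id          = data.aws_cloudfront_cache_policy.api.id
      origin_request_policy_id = data.aws_cloudfront_origin_request_policy.api.id
    }
  }
  restrictions {
    geo_restriction { restriction_type = "none" }
  }
  viewer_certificate { cloudfront_default_certificate = true }
}
```

Routing through CloudFront does not by itself close the API's default execute-api endpoint, which stays reachable unless access to the API is restricted separately.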

Why Terraform is a Game-Changer

Writing this in Terraform means I have a “Single Source of Truth.” If I need to update my API Gateway stage or change how my site routes traffic, I don’t go hunting through the AWS console. I simply update my .tf files and run terraform apply.

Some of the key wins for me have been:

  • Consistency: My sandbox environment is a perfect mirror of what I’ll eventually deploy to production.
  • Transparency: I can share my configuration with others, and they can see exactly how the api-gateway-policy in reverse_proxy.tf is constructed to handle headers.
  • Automation: I’ve even configured Terraform to dynamically inject my API URL into a config.js file at deployment time, so my frontend always knows exactly where to find the backend.

Final Thoughts

Moving to Infrastructure as Code hasn’t just made my deployments faster; it’s made them smarter. By leveraging CloudFront as a reverse proxy, I’ve cleaned up my frontend code, eliminated CORS issues, and built a foundation that can scale.

If you’re still clicking buttons in the AWS console, I highly recommend giving Terraform a try. Your future self—and your deployment logs—will thank you!

Happy coding, and see you in the cloud!

Web Architecture: Setting Up For Success

Once upon a time there was a non-profit organization that wanted to make great improvements to their website. They wanted their website to become more dynamic, interactive and provide tailored content!

Let’s call this non-profit organization ABC! Company ABC wanted to create an account home section for their members when they log in to the website. This landing page would be called MyABC and would have items like:

  • review & edit profile
  • print member certificate

As you can see, these are basic necessities for a home account. Let’s push this account home further and provide a better user experience for our members.

New Idea! ADMIN users will help to improve the MyABC user experience. We will allow ADMIN users to tag the pages in the website so we can have categorized content. This way content can be tailored for each user. For example, user A specializes in Cancer Research. ADMIN users would tag pages with cancer-related content using keywords like “cancer” and “cancer research”. We can then place links to these pages for said user, providing a custom experience.

Even better, by tagging and categorizing these pages, we can then feed that category information into our search engine. In my case, I am using Elasticsearch. We can force users to specific content or just make suggestions. For example:

Here is some sample JSON data about a page on the ABC website:

{
    "title": "Testing Suggestions",
    "description": "Use this to test...",
    "tags": [
        "test",
        "testing"
    ]
}

So let’s take a quick inventory so far:

  • JSON data with categories
  • Store JSON data into Elasticsearch
  • Use categories for more precise search

Here’s a screenshot of what we can end up with:

[Image: Blog-WebSuccess-searchBox]

We type the category words we used when storing the data (“test”, “testing”). Using jQuery autocomplete, we make an AJAX call to Elasticsearch and return the titles of the document(s) matching the keywords!

This figure is a summation of how the data has been stored:

[Image: Blog-WebSuccess-tags]

How does this help us in the long run? We get the capability to do the following:

  • Know traffic volume, since we can restrict users to pages available in our search engine, matching to specific keywords!!!
  • Categorized content can appear in the user’s MyABC (account home) page.
  • Send these clicks and page visits to Google Analytics for further analysis.

This was a very high-level write-up. We will cover more details in later posts. The point is to show how categorizing content, whether early or late in the website building process, can earn big gains on the SEO side of things!
