AWS powered Online profile
A Comprehensive Serverless Architecture Implementation
AWS Diagram
Project Overview
The Cloud Resume Challenge represents a modern approach to demonstrating cloud engineering proficiency through the development of a fully-functional, serverless web application. This project showcases the integration of multiple AWS services to create a resilient, scalable, and cost-effective solution for hosting a professional resume website with dynamic visitor tracking capabilities.
Initial Implementation: Static Website Foundation
The project commenced with the establishment of a static website hosting infrastructure using Amazon S3. The HTML resume document, along with supporting CSS and JavaScript assets, was uploaded to an S3 bucket specifically configured for static website hosting. The bucket was named to match the intended subdomain (onlineresume.bryangreyit.pro), following AWS best practices for static website hosting.
The S3 bucket was configured with public read access through a carefully crafted bucket policy, enabling direct public access to the website content while maintaining security boundaries. Website hosting was enabled with index.html designated as the index document.
DNS and Content Delivery Implementation
To establish a professional web presence with a custom domain, Route 53 was implemented as the authoritative DNS service for the domain bryangreyit.pro. A hosted zone was created to manage DNS records, with nameservers configured through the domain registrar (Namecheap) to delegate DNS authority to AWS.
The architecture was enhanced with Amazon CloudFront, AWS's global content delivery network, to provide several critical capabilities:
- SSL/TLS Encryption: AWS Certificate Manager (ACM) was utilized to provision a free SSL certificate, enabling HTTPS access for the website
- Global Content Distribution: CloudFront edge locations ensure optimal performance for visitors worldwide
- Security Enhancement: AWS Shield Standard provides automatic DDoS protection
- Caching Optimization: Static content is cached at edge locations, reducing origin server load and improving response times
The CloudFront distribution was configured to serve content from the S3 origin, with appropriate cache behaviors and security headers implemented to ensure optimal performance and security posture.
Serverless Backend Architecture
The dynamic functionality of the application was implemented using a serverless architecture consisting of three primary components:
Database Layer
Amazon DynamoDB was selected as the database solution, providing a fully-managed NoSQL database with the following characteristics:
- Table Design: A single table named resume-visitor-count with a simple key-value structure
- Partition Key: id (String) to uniquely identify records
- Billing Mode: Pay-per-request to optimize costs for low-traffic scenarios
- Initial Data: Seeded with a visitor count record initialized to zero
Compute Layer
AWS Lambda was implemented to handle the business logic for visitor count management:
- Runtime Environment: Python 3.11 for optimal performance and compatibility
- Function Configuration: Configured with appropriate timeout, memory allocation, and environment variables
- Core Functionality: Atomic increment operations on the DynamoDB visitor count record
- Error Handling: Comprehensive exception handling for database operations and unexpected errors
- Security Features: Built-in rate limiting and request validation to prevent abuse
- Logging: Integrated CloudWatch logging for monitoring and debugging capabilities
API Layer
Amazon API Gateway was configured to provide a RESTful HTTP interface:
- API Type: REST API with regional endpoint configuration
- Resource Structure: /visitor-count endpoint for visitor count operations
- HTTP Methods: GET method for retrieving and incrementing the visitor count
- CORS Configuration: Cross-Origin Resource Sharing headers configured to enable browser-based requests
- Integration: AWS Lambda proxy integration for seamless request/response handling
- Deployment: Production stage deployment with appropriate logging and monitoring configuration
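A sketch of the handler the Compute and API layers describe, added here as an example and not the project's own code: an atomic DynamoDB increment returned through the Lambda proxy response shape, with a single allowed CORS origin and a generic error body. The item key "visitors", the attribute name visit_count and the ALLOWED_ORIGIN variable are assumptions, and the rate limiting mentioned above is left out.

```python
import json
import logging
import os

# Assumptions, not from the original page: the item key "visitors", the
# attribute "visit_count", and the ALLOWED_ORIGIN environment variable.
TABLE_NAME = os.environ.get("TABLE_NAME", "resume-visitor-count")
ALLOWED_ORIGIN = os.environ.get(
    "ALLOWED_ORIGIN", "https://onlineresume.bryangreyit.pro")
log = logging.getLogger(__name__)


def _default_table():
    import boto3  # lazy import: the module still loads where boto3 is absent
    return boto3.resource("dynamodb").Table(TABLE_NAME)


def _response(status, body):
    # Shape required by API Gateway's Lambda proxy integration.
    return {
        "statusCode": status,
        "headers": {
            "Content-Type": "application/json",
            # One named origin rather than "*", so only the resume site's
            # pages can read the response from a browser.
            "Access-Control-Allow-Origin": ALLOWED_ORIGIN,
        },
        "body": json.dumps(body),
    }


def lambda_handler(event, context, table=None):
    if event.get("httpMethod") != "GET":
        return _response(405, {"error": "method not allowed"})
    try:
        table = table or _default_table()
        # ADD runs atomically inside DynamoDB, so concurrent invocations
        # cannot lose an update the way a get-then-put sequence can.
        result = table.update_item(
            Key={"id": "visitors"},
            UpdateExpression="ADD visit_count :one",
            ExpressionAttributeValues={":one": 1},
            ReturnValues="UPDATED_NEW",
        )
        count = int(result["Attributes"]["visit_count"])
        return _response(200, {"count": count})
    except Exception:
        # Full traceback goes to CloudWatch Logs; the caller gets no detail.
        log.exception("visitor count update failed")
        return _response(500, {"error": "internal error"})
```

The optional table argument exists only so the handler can be exercised with a stand-in table; Lambda itself calls it with event and context.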
Infrastructure Security and Permissions
A comprehensive Identity and Access Management (IAM) strategy was implemented to ensure least-privilege access:
Lambda Execution Role
- DynamoDB Permissions: Limited to specific operations (GetItem, UpdateItem, PutItem) on the designated table
- CloudWatch Permissions: Log group creation and log stream writing capabilities
- CloudWatch Metrics: Permission to publish custom metrics for enhanced monitoring
API Gateway Permissions
- Lambda Invocation: Specific permission to invoke the designated Lambda function
- Resource-Based Policy: Configured to allow API Gateway service principal access
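One way to check that an execution-role policy matches the scope described above (GetItem, UpdateItem and PutItem on the designated table only), shown as an added example and not the project's own code. Both policy documents are constructed samples, and the account ID and region in the ARN are placeholders.

```python
# Constructed sample values: the account ID and region are placeholders.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/resume-visitor-count"
ALLOWED = {"dynamodb:getitem", "dynamodb:updateitem", "dynamodb:putitem"}

SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["dynamodb:GetItem", "dynamodb:UpdateItem", "dynamodb:PutItem"],
        "Resource": TABLE_ARN,
    }],
}
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}],
}


def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def dynamodb_findings(policy, table_arn=TABLE_ARN, allowed=ALLOWED):
    """List least-privilege violations in Allow statements that touch DynamoDB."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: grants by exclusion (NotAction/NotResource)")
            continue
        # IAM action names are case-insensitive, so compare in lower case.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        # Only a bare "*" or a "dynamodb:" prefix can grant DynamoDB actions.
        ddb = [a for a in actions if a == "*" or a.startswith("dynamodb:")]
        if not ddb:
            continue  # statement does not grant DynamoDB access
        for action in ddb:
            if action not in allowed:
                findings.append(f"statement {i}: action {action} is outside the allowed set")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource != table_arn:
                findings.append(f"statement {i}: resource {resource} is not the table ARN")
    return findings
```

Run against the JSON rendered by a Terraform plan or fetched from the role, an empty list means the DynamoDB grant is no wider than the three operations on the one table.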
Monitoring and Observability
CloudWatch was integrated throughout the architecture to provide comprehensive monitoring:
- Lambda Metrics: Invocation count, duration, error rate, and throttling metrics
- API Gateway Metrics: Request count, latency, 4XX/5XX error rates
- Custom Alarms: Configured to alert on unusual traffic patterns or error rates
- Log Aggregation: Centralized logging from all components for troubleshooting and audit purposes
Client-Side Integration
The frontend implementation incorporated JavaScript to interact with the serverless backend:
- Asynchronous API Calls: Fetch API used to retrieve visitor count data
- Error Handling: Graceful degradation when API calls fail
- User Experience: Real-time visitor count display with loading states
- Performance: Minimal impact on page load times through asynchronous execution
Infrastructure as Code Implementation (ongoing development)
The entire infrastructure was codified using Terraform, demonstrating modern DevOps practices:
- Resource Definition: All AWS resources defined in declarative configuration files
- State Management: Terraform state management for infrastructure lifecycle
- Version Control: Infrastructure code stored in Git repository for change tracking
- Reproducibility: Ability to recreate identical environments across different AWS accounts or regions
Performance and Scalability Characteristics
The implemented architecture demonstrates several key performance and scalability benefits:
Automatic Scaling
- Lambda Concurrency: Supports up to 1,000 concurrent executions by default
- API Gateway: Handles traffic spikes automatically without configuration changes
- DynamoDB: On-demand billing mode provides automatic scaling based on traffic patterns
- CloudFront: Global edge network scales to handle traffic from any geographic location
Cost Optimization
- Pay-per-Use Model: Costs scale directly with usage, minimizing expenses during low-traffic periods
- Free Tier Eligible: Most components operate within AWS Free Tier limits for typical resume website traffic
- No Idle Costs: Serverless architecture eliminates charges for unused capacity
Performance Metrics
- Cold Start Latency: Optimized Lambda function with sub-second cold start times
- API Response Time: Typical response times under 100ms for warm Lambda invocations
- Global Availability: CloudFront ensures consistent performance worldwide
- High Availability: Multi-AZ deployment across AWS infrastructure
Security Implementation
Multiple layers of security were implemented throughout the architecture:
Network Security
- HTTPS Enforcement: All traffic encrypted in transit via CloudFront SSL termination
- CORS Policy: Restrictive cross-origin policies to prevent unauthorized access
- API Gateway: Built-in DDoS protection and request validation
Application Security
- Input Validation: Server-side validation of all API requests
- Rate Limiting: Protection against abuse through request throttling
- Error Handling: Secure error responses that don't expose internal system details
Infrastructure Security
- IAM Least Privilege: Minimal permissions granted to each service component
- Resource Isolation: Separate IAM roles and policies for each service
- Audit Logging: CloudTrail integration for security event monitoring
Business Value and Technical Achievement
This implementation demonstrates several key technical competencies and business value propositions:
Technical Proficiency
- Multi-Service Integration: Successful orchestration of six different AWS services
- Serverless Architecture: Modern, event-driven design patterns
- Infrastructure as Code: Professional DevOps practices and automation (ongoing development)
- Full-Stack Development: Frontend, backend, and infrastructure components
Operational Excellence
- Monitoring and Alerting: Proactive system health monitoring
- Error Handling: Robust error management and graceful degradation
- Performance Optimization: Efficient resource utilization and response times
- Security Best Practices: Defense-in-depth security implementation
Business Benefits
- Cost Efficiency: Minimal operational costs through serverless architecture
- Scalability: Ability to handle traffic growth without infrastructure changes
- Reliability: High availability through AWS managed services
- Maintainability: Clean architecture enabling easy updates and modifications