
Serverless Portfolio Engineering

Status: Production (CI/CD Live)

Tech Stack: AWS S3, CloudFront, OIDC, GitHub Actions

This document explains the architectural decisions behind this portfolio website.

🎯 The Challenge

I needed a professional portfolio that was fast, secure, and cost-effective, without the overhead of managing servers (EC2).

🏗️ The Solution

I implemented a Serverless Architecture using AWS managed services.

Key Components

  1. Storage (S3): Hosts the static HTML/CSS assets generated by MkDocs. The bucket is completely private.
  2. Delivery (CloudFront): Acts as a global CDN, caching content at the edge for low latency. It connects to S3 securely using Origin Access Control (OAC).
  3. Security (OIDC): Instead of storing long-lived AWS keys in GitHub Secrets (a security risk), I configured OpenID Connect. GitHub Actions assumes an IAM role with temporary credentials only during deployment.

🚀 CI/CD Pipeline

Every commit to the main branch triggers the following automated workflow:

  1. Build: Python environment is set up, and MkDocs compiles the Markdown to HTML.
  2. Auth: The GitHub Actions job presents its OIDC token to AWS STS and receives temporary credentials for the deployment role.
  3. Deploy: The aws s3 sync command updates only the changed files.
  4. Refresh: The CloudFront cache is invalidated to show changes immediately.

💰 FinOps (Cost Analysis)

  • Hosting: ~$0.01 (S3 Storage)
  • Compute: $0.00 (Static Site)
  • CDN: Free Tier (1TB/month)
  • Total Estimated: ~ $0.01 / month