malcolm.cloud

Blog Redesign and Architecture

By Malcolm van Staden on 22nd April 2021

I've done a bit of a redesign on the blog over the last couple of days. I've decided to drop the flashier pages for a more optimised, cleaner and minimal look focussing on the content. I've seen this design trend on a number of blogs recently and I find those articles easier to read and focus on free from distractions in the sidebars, headers and footers. As an added on-trend bonus I've added an ability to switch to dark mode for those that find it easier to read this way. I hope you like the new design!

Background

I realised I haven't spoken about the architecture underpinning the blog, presumably because many people don't seem to be interested in that type of thing. Since this is a cloud blog and this blog is all serverless I think now with the redesign this is as good a time as any to share how my blog is hosted.

Requirements

Requirements are simple really; I wanted a way of hosting something quickly, easily, cheaply and that allows me to be fully in control of the look and feel. I wasn't interested in standing up a whole server to run a self-managed WordPress solution nor was I keen to pay for a blogging platform. I've tried other platforms like Blogger in the past and found the choice of templates uninspiring.

Architecture

Since I am using AWS as part of my day job and have completed a number of certs (and re-certs) I decided to follow the standard S3-hosted website pattern to host this blog. It originally started out as a simple public bucket with all the HTML files, my domain (malcolm.cloud) is hosted in Route53 and it was easy to alias it to the S3 bucket.

I soon realised I needed SSL; not because I was transmitting anything sensitive but because Google will down rank you if your site is only HTTP. This is when I added in a CloudFront distribution in front of my S3 bucket and set a policy on the bucket to restrict access only from CloudFront. AWS Certificate Manager (ACM) handles the cert required by CloudFront and it's such a joy never to have to think about the renewals of this certificate.

Here is the overall architecture underpinning this blog, there's nothing mind-blowing about this but that's kind of the point - it meets the requirements of a simple serverless hosted website:

Components:

1. S3 bucket containing the HTML files and blog assets
2. Logging bucket for the blog bucket, to log all access requests
3. CloudFront distribution fronts the blog S3 bucket
4. ACM provides the certficate to CloudFront for the SSL connection to the visitor
5. Route 53 hosted zone for malcolm.cloud points the naked domain and www sub-domain to the CloudFront distribution

Final Thoughts

Nothing is ever perfect and neither is this solution, I think there are a number of ways that AWS could make a hosting solution like this easier to setup:

• The whole CloudFront setup to add SSL to the S3 website is overkill - there should be an easier way to simply specify an ACM certificate for content served up via a custom domain on an S3 bucket.
• The root document doesn't work for sub-directories via CloudFront. This is a real pain, you'll notice blog posts are always /YEAR/MONTH/SUBJECT/index.html, I would prefer them to be /YEAR/MONTH/SUBJECT/ without having to specify the index.html part. This works on the root but not on subdirectories. The only way to get around this is to use Lambda to re-write the requests. This is overkill in my mind, I'd like to see the default document property in CloudFront be applicable to all paths.

Other than these I think this is a pretty neat solution that costs me pennies to host and I never give a second thought to the management of the infrastructure that supports this.

Home   |   About   |   My Apps   |   © Malcolm van Staden , all views are my own