I built this résumé for the 16-step Cloud Resume Challenge: static content on S3 behind CloudFront, a visitor counter that flows through API Gateway → Lambda → DynamoDB, all provisioned with Terraform and auto-deployed via GitHub Actions.
Fun fact: this exact page lives on that stack, refreshing itself every time I commit a change.
I completed the 16-step Cloud Resume Challenge, building a cloud-based resume site from scratch with front-end, back-end, and DevOps components on AWS. I adopted a multi-account AWS environment to simulate a production setup, going beyond the challenge’s base requirements.
· AWS Services: S3 (static hosting & versioned objects), CloudFront (global CDN, HTTPS), Route 53 (DNS + DNSSEC), API Gateway (REST endpoint), Lambda (serverless compute), DynamoDB (NoSQL visitor counter).
· DevOps Tools: Terraform (infrastructure-as-code blueprints), GitHub Actions (multi‑stage CI/CD), Playwright (headless browser smoke tests).
· Frontend: I hosted the static site on S3 behind CloudFront. Because the bucket was in another account, I used an S3 Access Point to enable CloudFront to fetch its content across accounts. I also enabled CloudFront Functions to force HTTPS and added a security header policy.
· Backend: I built a visitor counter API (Lambda + API Gateway + DynamoDB) that increments a view count on each visit. The Python Lambda uses DynamoDB transactions to prevent race conditions and streams JSON logs to CloudWatch.
· CI/CD: I automated deployments using Terraform and GitHub Actions to update infrastructure and run Playwright tests on each change. Runs are triggered on push request and authenticated with Github Secrets. (Future tweaks include using OICD instead to avoid static credentials)
SERVICES EXPOSURE
16
IaC Resources
18
Monthly Spend
~$3.00
CI/CD Runs
3
Challenges Overcome
Cross-Account Permissions: Getting CloudFront in one account to read an S3 bucket in another caused “Access Denied” errors. After multiple failed attempts with roles and policies, I solved it by using an S3 Access Point for cross-account access.
Custom Features & Security Mods
· DNSSEC: Enabled DNS Security Extensions on my domain to prevent DNS spoofing.
· Cost & Best Practices: Set up AWS Budgets alarm and enforced least-privilege IAM, S3 encryption, and HTTPS-only access.
Personal Takeaways
· Deepened AWS expertise and bridged textbook knowledge to real-world practice.
· Learned resilience and systematic problem-solving under real constraints.
· Reinforced passion for cloud engineering and motivation for future projects.