I build things
on the cloud

Static files don't need a running server. S3 costs fractions of a cent per GB, scales automatically, and has 99.999999999% durability. EC2 would mean paying for an idle server 24/7 just to serve HTML.

S3 alone serves from one region. CloudFront caches content at 400+ edge locations globally, cutting latency from ~200ms to under 50ms. It also provides HTTPS, which S3 website hosting alone doesn't support with custom domains.

S3 has two URL formats. The website endpoint supports index.html routing and custom error pages. The REST endpoint doesn't. Using the wrong one as a CloudFront origin breaks page navigation entirely.

Image resizing is bursty — you might get 100 uploads in a minute, then nothing for hours. Lambda scales to zero when idle (no cost) and handles 1,000 concurrent executions without configuration. EC2 would sit idle 99% of the time, costing ~$8/month for nothing.

S3 event notifications trigger Lambda the instant a file lands. The alternative — a cron job polling S3 every minute — adds latency, wastes compute, and misses uploads between polls. Event-driven is the cloud-native pattern.

SNS is a pub/sub service — one publish fans out to email, SMS, or other services. SES is for transactional email at scale. For simple notifications to myself, SNS is simpler to set up and doesn't require domain verification.

This is a stateful web app with server-rendered templates, WebSocket-like interactions, and persistent database connections. Lambda has a 15-minute timeout and cold starts that would break the user experience. EC2 gives full control over the runtime.

Running PostgreSQL on EC2 means managing backups, patches, failover, and monitoring yourself. RDS handles all of that automatically. The tradeoff is cost (~$15/month vs ~$0 on EC2), but the operational burden of self-managing a database isn't worth it.

RDS has no public IP. Only the EC2 security group can reach port 5432. Even if someone gets the database credentials, they can't connect from outside the VPC. This is defense in depth — multiple security layers.

EC2 means patching the OS, monitoring disk space, managing Docker daemon, and scaling manually. Fargate removes all of that — you define CPU/memory and AWS handles the rest. The tradeoff is less control over the host, but for a web app that's a good trade.

ECR is private by default and in the same AWS network as ECS, so image pulls are fast and free. Docker Hub has rate limits on free accounts (100 pulls/6 hours) which can break CI/CD pipelines.

GitHub Actions lives where the code lives — no separate CI server to manage. AWS CodePipeline would add another AWS service to maintain. Jenkins would need its own EC2 instance. GitHub Actions is free for public repos and has official AWS actions.

CloudFormation is AWS-only. Terraform works with AWS, GCP, Azure, and 3,000+ providers. If I ever work with multi-cloud or non-AWS services, the same tool and language apply. The tradeoff is that CloudFormation has tighter AWS integration and catches some errors earlier.

The console is fine for learning, but infrastructure built by hand is undocumented, unreproducible, and unauditable. With Terraform, the code IS the documentation. Changes go through pull requests. If a region goes down, terraform apply rebuilds everything elsewhere in minutes.

Infrastructure and application code have different lifecycles. App code changes daily; infrastructure changes rarely. Separate repos mean separate CI/CD pipelines, separate permissions, and clearer ownership. The tradeoff is managing two repos instead of one.

CloudWatch is native to AWS — zero agents to install, metrics flow automatically from ECS. Third-party tools cost $15-30+/month per host and require agent configuration. For a single-service setup, CloudWatch gives you everything you need at near-zero cost.

Without alerts, you'd have to check the console to know something's wrong. SNS pushes notifications to you the moment an alarm fires — email, SMS, or even triggering a Lambda for auto-remediation. You know about problems before your users do.

You could instrument your code to emit custom metrics, but that requires code changes. Metric filters scan existing logs with zero code changes — just define a pattern like "ERROR" and CloudWatch counts matches automatically. It's the fastest path from logs to actionable alerts.

Netlify deploys in one click, but you learn nothing about infrastructure. Hosting on a VPS means configuring Nginx, managing SSL certificates, writing deploy scripts, and understanding how DNS routes traffic to a server. That's the actual job.

Let's Encrypt provides free, automated, and trusted SSL certificates. Paid certs ($50-200/year) offer the same encryption with no practical security difference. Certbot automates renewal every 90 days — set it and forget it.

A GitHub webhook would trigger instant deploys, but requires exposing an endpoint and handling authentication. A 5-minute cron job is simpler, secure (pull-based, not push-based), and good enough for a portfolio — updates are live within minutes of a push.