Projects
A small portfolio of hands-on work to demonstrate AWS fundamentals, cloud security thinking,
and practical delivery. This site itself is one of the projects.
Featured
Secure Static Website on AWS (This Site)
S3 (private origin) + CloudFront + Route 53 + ACM
AWS
CloudFront
S3
Route 53
ACM (TLS)
Designed and deployed a static website on AWS using CloudFront as the secure edge layer,
a private S3 origin, and Route 53 for DNS. Implemented HTTPS, custom domain routing, and
a maintainable front-end structure.
- Configured custom domain DNS records and CloudFront distribution for apex + www routing
- Implemented private S3 origin access via CloudFront (no direct public bucket access)
- Enabled HTTPS with ACM certificate and enforced secure delivery via CloudFront
- Created shared
styles.css to standardise UI across pages and improve maintainability
- Added branded favicon and cleaned up edge errors for missing assets
Security Hardening (Client-Side Controls)
CSP + browser hardening approach for static content
Content Security Policy
XSS mitigation
Static site security
Secure-by-default
Implemented a restrictive Content Security Policy suitable for a static site to reduce the risk
of client-side injection and limit resource loading to trusted origins.
- Applied CSP via HTML meta header (plan limitations prevented custom CloudFront header policy)
- Restricted resources to
'self' with explicit allowances for images and required page assets
- Removed inline CSS by migrating to
styles.css to support a stricter policy baseline
- Built the site to avoid unnecessary third-party scripts and reduce attack surface
Next: Logging & Edge Protection
CloudFront logs → S3 → Athena + AWS WAF
Logging
Athena
WAF
Threat visibility
Planned improvements to turn the website into a small cloud security lab: traffic visibility,
simple detection, and edge-layer protection against scanning and abuse.
- Enable CloudFront access logs to S3 and query with Athena for request analysis
- Attach AWS WAF managed rules and basic rate limiting to reduce automated scanning/noise
- Add 404/403 custom error pages for a cleaner user experience and safer failure modes