AWS Portfolio Architecture - Krzysztof Rzepka

🌐

Internet Users

Global visitors accessing the portfolio website

Route 53

DNS management
• Domain: krisgrzepka.com
• SSL validation
• SES verification

CloudFront

Global CDN
• HTTPS everywhere
• Edge caching
• Custom domain

ACM Certificate

SSL/TLS encryption
• us-east-1 region
• DNS validation
• Auto-renewal

S3 Bucket

Static hosting
• Private bucket
• OAC security
• Vite build files

API Gateway

HTTP API
• POST /contact
• CORS enabled
• AWS_PROXY integration

Lambda Function

Contact form handler
• Node.js 20.x runtime
• ARM64 architecture
• 256MB memory

Simple Email Service

Email delivery
• Domain identity
• DKIM signing
• SPF authentication

CloudWatch Logs

Monitoring & logging
• Lambda execution logs
• 14-day retention
• Error tracking

🌐 Live Production Endpoints

🌍

Website

https://krisgrzepka.com

✅ LIVE

🔗

API Gateway

https://ivn5ztu***.execute-api.eu-west-2.amazonaws.com/contact

✅ ACTIVE

⚡

CloudFront CDN

https://d1qe8cm***.cloudfront.net

✅ DEPLOYED

🔄 Data Flow Patterns

Website Access: User → Route 53 → CloudFront → S3 Bucket → Static Files

Contact Form: Frontend Form → API Gateway → Lambda Function → SES → Email Delivery

DNS & Security: Domain Registration → Route 53 → ACM Certificate → CloudFront HTTPS

Security & Best Practices

Private S3 bucket with CloudFront OAC
HTTPS everywhere with ACM certificates
IAM least privilege for Lambda
CORS protection on API Gateway
Email authentication (DKIM, SPF)

Performance & Scalability

Global CDN with CloudFront edge locations
Serverless Lambda auto-scaling
ARM64 architecture for cost efficiency
Optimized caching policies
Node.js 20.x latest runtime

Cost Optimization

S3 Standard pay-per-use storage
Lambda ARM64 (20% cost reduction)
CloudFront PriceClass_100 (US/Europe)
CloudWatch 14-day log retention
Serverless architecture (no idle costs)

Operational Excellence