Secure static portfolio infrastructure with Terraform, S3, and CloudFront.

Static sites still need secure cloud architecture.

A portfolio website should be simple to operate, but the infrastructure should still demonstrate security fundamentals: private storage, encrypted delivery, custom domain support, security headers, and repeatable deployment.

Use Terraform to make the hosting pattern repeatable.

• Created private S3 hosting bucket with encryption, versioning, and public access block.
• Delivered content through CloudFront instead of exposing the bucket directly.
• Configured ACM certificate validation and Route 53 records for the custom domain.
• Added security response headers including CSP, HSTS, X-Frame-Options, and content-type protection.
• Used deploy automation to sync content to S3 and invalidate CloudFront.

Infrastructure choices communicate engineering maturity.

The project demonstrates secure defaults, least exposure, repeatable IaC, and production-style delivery discipline even for a static portfolio.