Static Web Hosting
A sci-fi themed "Galactic Ship Registry" static website served through S3, cached by CloudFront, and accessible via Route53 DNS. The site includes HTML pages, CSS, JavaScript, and SVG assets - all deployed through a CI/CD pipeline. This scenario validates Simfra's content delivery stack from DNS resolution through CDN caching to encrypted object storage.
Services
| Service | Role |
|---|---|
| S3 | Static website hosting with SSE-KMS encryption and public read bucket policy |
| CloudFront | CDN distribution with custom S3 origin and caching behavior |
| Route53 | Hosted zone with ALIAS record pointing to CloudFront |
| KMS | Customer-managed key for S3 server-side encryption |
| IAM | Least-privilege roles for CI/CD pipeline |
| CloudFront OAC | Origin Access Control for secure S3 access |
| CodeCommit | Source repository for site content |
| CodeBuild | Validates and packages site assets |
| CodePipeline | Orchestrates content deployment |
Architecture
    Client --> Route53 (registry.ships.simfra.dev)
                  |
                  v
            CloudFront CDN
                  |
                  v
    S3 bucket (static website, SSE-KMS)
The site uses CloudFront Origin Access Control (OAC) instead of public bucket ACLs, following the AWS-recommended pattern for secure S3 origins. Route53 resolves the custom domain to CloudFront via an ALIAS record. S3 stores all objects with KMS server-side encryption.
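One way to check that a bucket policy actually enforces the OAC pattern described above, shown as an added example (not part of the Simfra scenario or its test suite). The account ID, distribution ID, bucket name, both sample policies and all function names are constructed assumptions.

```python
import json

# Constructed sample values and policies (assumptions, not taken from the scenario).
DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"
RESOURCE = "arn:aws:s3:::example-registry-bucket/*"
PUBLIC_READ = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": RESOURCE}]})
OAC_ONLY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Sid": "AllowCloudFrontOAC", "Effect": "Allow",
    "Principal": {"Service": "cloudfront.amazonaws.com"},
    "Action": "s3:GetObject", "Resource": RESOURCE,
    "Condition": {"StringEquals": {"AWS:SourceArn": DIST_ARN}}}})

def _as_list(value):
    """IAM JSON accepts a single item or a list; normalize to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"}."""
    return principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS")))

def _source_arns(condition):
    """Collect aws:SourceArn values (condition keys are case-insensitive)."""
    return [v for op in ("StringEquals", "ArnEquals", "ArnLike")
            for key, vals in condition.get(op, {}).items()
            if key.lower() == "aws:sourcearn" for v in _as_list(vals)]

def audit_bucket_policy(policy_json, distribution_arn):
    """Flag Allow statements that expose s3:GetObject beyond one distribution."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        reads = any(a in ("*", "s3:*", "s3:get*", "s3:getobject") for a in actions)
        if stmt.get("Effect") != "Allow" or not reads:
            continue
        sid, principal = stmt.get("Sid", "<no Sid>"), stmt.get("Principal")
        cond = stmt.get("Condition", {})  # wildcard principals with conditions need manual review
        if _is_anonymous(principal) and not cond:
            findings.append(f"{sid}: anonymous read, reachable without CloudFront")
        elif (isinstance(principal, dict)
              and "cloudfront.amazonaws.com" in _as_list(principal.get("Service"))
              and _source_arns(cond) != [distribution_arn]):
            findings.append(f"{sid}: CloudFront principal not pinned to this distribution")
    return findings

if __name__ == "__main__":
    print(audit_bucket_policy(PUBLIC_READ, DIST_ARN), audit_bucket_policy(OAC_ONLY, DIST_ARN))
```

Because the objects are stored with SSE-KMS, the KMS key policy also has to let the CloudFront service principal decrypt, scoped by the same `AWS:SourceArn` condition.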
What This Validates
- S3 static website hosting with index and error document configuration
- CloudFront CDN distribution with custom origin and default root object
- Route53 ALIAS record resolving to CloudFront distribution
- CloudFront Origin Access Control (OAC) for S3 origin security
- KMS server-side encryption on S3 objects
- Correct MIME type handling for HTML, CSS, JavaScript, and SVG content
- Cache behavior and cache hit headers from CloudFront
- Custom error page (404) handling
Test Coverage
Tests include smoke checks for all resource existence and connectivity, integration tests for content delivery across multiple page types with correct content types, caching behavior validation with cache hit headers, custom 404 error page handling, security tests for S3 KMS encryption, and performance tests with 10 concurrent requests measuring response times.