From Static Sites to AI Orchestration

Building, breaking, learning — a progression through AWS cloud and AI

  • 19 Projects Shipped
  • 9 AI Projects (Bedrock)
  • 20+ AWS Services Used
  • 2 Live Sites (HTTPS/CDN)

Evolution Timeline

Foundation
Portfolio Site on S3
Started with manual S3 uploads, no CDN, no HTTPS. Learned the hard way that manual deployments don't scale.
S3, Manual Deploy
Foundation
CloudFront, SSL, Route 53
Added CDN, HTTPS, and custom domain. 50% faster load times. Zero-downtime migration with rollback plan.
CloudFront, ACM, Route 53
Growth
IaC, HA Web App, Event Pipeline
Built 10 CloudFormation + Terraform templates. Deployed Multi-AZ with Auto Scaling. Wired S3 events to Lambda to DynamoDB to SNS.
CloudFormation, Terraform, Auto Scaling, Event-Driven
AI Era
AI Chatbot + Language Translator
First Bedrock Nova Lite integration. Built serverless APIs with Lambda + API Gateway. Learned prompt engineering and Function URL patterns.
Bedrock Nova Lite, API Gateway, AWS Translate
AI Era
Document Intelligence + Text-to-Speech + Log Analyzer
Chained AI services together — Textract extracts, Bedrock summarizes, Polly narrates. Event-driven S3 triggers for automated processing.
Textract, Polly, S3 Events, Lambda Chains
Advanced
CI/CD + OIDC Federation
GitHub Actions with OIDC — no stored credentials. Auto-deploy on push to main. CloudFront invalidation in the pipeline. Both sites fully automated.
GitHub Actions, OIDC, CI/CD
Advanced
SAM/IaC + Async Pipelines
Architecture Reviewer: API Gateway → Lambda → SQS → Bedrock → DynamoDB. Cost Optimizer: EventBridge schedules + SES email reports. Infrastructure as code with SAM.
SAM, SQS, DynamoDB, EventBridge
Advanced
Failover Orchestrator — Step Functions + Bedrock
AI-powered failover decisions. Step Functions orchestration with conditional branching. Bedrock reasons over health check evidence to decide if failover is warranted.
Bedrock Reasoning, Step Functions, EventBridge, SAM

Before vs. After

Where It Started
  • Manual S3 uploads via console
  • No HTTPS, no CDN
  • Static HTML only — no backends
  • No version control workflow
  • No infrastructure as code
  • Reactive troubleshooting
  • No AI/ML integration
Where It Is Now
  • CI/CD auto-deploys on git push
  • CloudFront CDN + TLS 1.2+ on both sites
  • Full-stack serverless AI applications
  • OIDC federation — no stored credentials
  • SAM templates for repeatable deploys
  • Deployment discipline with rollback plans
  • 9 AI projects using Bedrock Nova Lite

By the Numbers

  • AI Projects Built: 0 → 9
  • Both Sites Secured: HTTP → HTTPS
  • Deployment Pipeline: Manual → CI/CD
  • Infrastructure as Code: Console → SAM

Key Lessons

🔐
OIDC Over Stored Credentials

GitHub Actions with OIDC federation eliminates long-lived access keys. The IAM role trusts the GitHub identity provider — no secrets to rotate or leak.
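
One way to check that the role's trust policy is actually scoped, as an added example (not code from this site's pipeline): the audit below flags a GitHub OIDC trust statement that does not pin `aud` to `sts.amazonaws.com` or `sub` to one repository and ref. The account ID, repository name and sample policies are constructed placeholders.

```python
import json

ISSUER = "token.actions.githubusercontent.com"  # GitHub Actions OIDC issuer host

def _cond_values(condition, key):
    """Return [(operator, value), ...] for one condition key (keys are case-insensitive)."""
    pairs = []
    for op, block in condition.items():
        for k, v in block.items():
            if k.lower() == key.lower():
                pairs += [(op, x) for x in ([v] if isinstance(v, str) else v)]
    return pairs

def audit_trust_policy(policy, repo):
    """List the scoping gaps in every statement that trusts the GitHub OIDC provider."""
    findings = []
    statements = policy.get("Statement", [])
    for st in [statements] if isinstance(statements, dict) else statements:
        principal = st.get("Principal")
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        fed = [fed] if isinstance(fed, str) else fed
        if st.get("Effect") != "Allow" or not any(f.endswith("oidc-provider/" + ISSUER) for f in fed):
            continue  # not a GitHub OIDC trust statement
        cond = st.get("Condition", {})
        aud = _cond_values(cond, ISSUER + ":aud")
        if ("StringEquals", "sts.amazonaws.com") not in aud:
            findings.append("aud is not pinned to sts.amazonaws.com")
        sub = _cond_values(cond, ISSUER + ":sub")
        if not sub:
            findings.append("no sub condition: any GitHub repository can assume the role")
        for op, value in sub:
            if not value.startswith(f"repo:{repo}:"):
                findings.append(f"sub {value!r} is not limited to {repo}")
            elif op != "StringEquals" and "*" in value:
                findings.append(f"sub {value!r} matches more than one ref or event")
    return findings

# Constructed sample policies; the account ID and repository name are placeholders.
PROVIDER = f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"
BASE = {"Effect": "Allow", "Principal": {"Federated": PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity"}
LOOSE = {"Version": "2012-10-17", "Statement": [{**BASE, "Condition": {
    "StringEquals": {ISSUER + ":aud": "sts.amazonaws.com"}}}]}
SCOPED = {"Version": "2012-10-17", "Statement": [{**BASE, "Condition": {"StringEquals": {
    ISSUER + ":aud": "sts.amazonaws.com",
    ISSUER + ":sub": "repo:example-org/portfolio-site:ref:refs/heads/main"}}}]}

if __name__ == "__main__":
    for name, pol in (("loose", LOOSE), ("scoped", SCOPED)):
        print(name, json.dumps(audit_trust_policy(pol, "example-org/portfolio-site")))
```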

🧠
Bedrock Prompt Engineering

Structured prompts with explicit rules and JSON output format produce reliable, parseable AI responses. Temperature 0.1 for consistency, clear constraints for safety.

📦
SAM for Repeatable Deploys

Moving from console clicks to SAM templates made deployments repeatable and reviewable. template.yaml becomes the single source of truth for infrastructure.

Event-Driven Over Polling

S3 events trigger Lambda, EventBridge schedules invoke checks, SQS decouples producers from consumers. Let AWS handle the orchestration.

🛡️
Security Headers Matter

HSTS, CSP, X-Frame-Options, and X-Content-Type-Options on CloudFront. Enterprise-grade security with a single response headers policy.

💰
Cost Awareness from Day One

Reduced monthly infrastructure costs by 80% (~$100 → ~$20) by migrating from traditional EC2/RDS/ALB architecture to a fully serverless model. Cleaned up 6 unused CloudFront distributions, 3 S3 buckets, and 6 CloudFormation stacks. Every architecture decision considers cost.

🔄
Commit Before Moving On

After confirming changes work, always commit and push before starting the next task. Keeps the repo in sync with what's live and prevents drift.

🚀
Cache Invalidation in CI/CD

CloudFront cache invalidation as the final CI/CD step ensures users see updates immediately. Without it, changes can take 24 hours to propagate.

📋
Deployment Discipline

Never deploy without a rollback plan. Back up before changes. Require explicit approval before each phase. Small mistakes compound in production.
