Cloud Infrastructure & Automation
AWS EC2 with CloudFront CDN, WebSocket proxying, IAM, and Python/Bash automation scripts.
- AWS EC2
- CloudFront
- IAM
- Python
- Bash
- Docker
- Role: Infrastructure engineer (design, provisioning, automation)
- Outcome: Reliable cloud-hosted services with automated provisioning and monitoring
Problem
Running real services on a VPS or a single EC2 instance gets you to "it works on my box" quickly, but it breaks the moment you care about latency, repeatable deploys, or least-privilege access. I wanted a setup where a new service could be stood up, fronted with a CDN, locked down via IAM, and torn down again — without any of those steps being a manual click-tour through the AWS console.
Approach
The core runs on AWS EC2 for compute, with CloudFront sitting in front as the CDN and TLS termination layer, including WebSocket proxying so real-time workloads route through the same edge. Services run inside Docker containers, which keeps the host clean and makes service-to-service isolation explicit. IAM is wired with scoped roles per service rather than a single blanket policy, so a compromised container can only reach what it's supposed to. Provisioning and routine ops — instance bootstrap, TLS rotation, log collection, health checks — are driven by Python and Bash scripts kept in version control, so the "how" of a deploy is documented by virtue of being executable.
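One way to keep the per-service IAM scoping honest is to lint each policy document before it is attached. The following is an added example, not one of the project's own scripts; the policy documents, the service name "chat" and the convention that a service's ARNs contain its name are all assumptions made for illustration.

```python
import json

def _as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(service, policy):
    """Return findings for Allow statements that reach beyond `service`.

    Assumption (not from the page): each service's resources carry the
    service name somewhere in their ARN, e.g. a bucket named app-<service>-*.
    """
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        # NotAction/NotResource on an Allow grants everything except the list.
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                findings.append((sid, f"Allow with {key}"))
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, f"wildcard action {action}"))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((sid, "wildcard resource *"))
            elif service not in resource:
                findings.append((sid, f"resource outside service: {resource}"))
    return findings

# Constructed sample policies, not taken from the page.
BLANKET = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "Everything", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}""")

SCOPED = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "ReadOwnBucket", "Effect": "Allow",
   "Action": ["s3:GetObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::app-chat-assets",
                "arn:aws:s3:::app-chat-assets/*"]},
  {"Sid": "PeekAtBilling", "Effect": "Allow", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::app-billing-exports/*"}]}""")

if __name__ == "__main__":
    for name, pol in (("blanket", BLANKET), ("scoped", SCOPED)):
        for sid, problem in audit_policy("chat", pol):
            print(f"{name}: {sid}: {problem}")
```

Run in CI against every policy file in the repository, a non-empty findings list can fail the build before an over-broad role reaches an instance.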
Outcome
The services I run on this stack have been stable and cheap to operate, and adding a new one is a matter of reusing the existing scripts rather than rediscovering the steps. The CDN layer absorbs the spiky traffic that EC2 would otherwise feel, and the per-service IAM boundaries mean I can onboard a new workload without worrying that it can read everything else. Most importantly, the setup is boring — which, for infrastructure, is the feature.