Posts

Showing posts from June, 2026

How to Deploy a React App to S3 and CloudFront Using GitHub Actions

Every time you push to main, you want your React app built and live — not a manual aws s3 sync from your laptop. Setting up a GitHub Actions workflow that runs npm run build and deploys to S3 with CloudFront invalidation is straightforward once you understand the IAM surface and the ordering of operations. Get either wrong and you end up with stale cache or a pipeline that works on your machine but fails in CI. TL;DR: React App Deployment to S3 and CloudFront Phase Tool Key Action Build GitHub Actions + Node npm ci && npm run build Upload AWS CLI aws s3 sync ./build s3://your-bucket --delete Invalidate CloudFront API aws cloudfront create-invalidation Auth OIDC (recommended) No long-lived AWS credentials in GitHub Secrets How the Deployment Pipeline Works Before writing a single line of YAML, it helps to understand what actually happens between a git push and a user seeing updated conten...

AWS Lightsail vs EC2: When to Use Lightsail for Simple VPS Workloads

You need a WordPress site running by end of day, not a three-hour deep dive into VPC subnets, security group rules, and instance type pricing matrices. AWS Lightsail exists precisely for that scenario — it wraps a fixed-resource virtual server behind a flat monthly price and a simplified console, trading EC2's configurability for operational simplicity. Understanding where that trade-off breaks down is what determines whether Lightsail is the right call or a decision you'll regret at scale. TL;DR: AWS Lightsail vs EC2 at a Glance Dimension AWS Lightsail Amazon EC2 Pricing model Flat monthly bundle (compute + storage + transfer) Per-second billing, storage and transfer billed separately Setup complexity Low — guided console, pre-built blueprints High — requires VPC, subnet, SG, IAM, key pair configuration Instance sizing Fixed bundles (CPU, RAM, SSD, transfer) Hundreds of instance types, fully configura...

How to Schedule EC2 Instance Stop and Start with EventBridge Scheduler and Lambda

Every dev team has that one EC2 instance running overnight doing absolutely nothing — burning compute budget while everyone sleeps. Scheduling an EC2 instance to stop at night and start in the morning is one of the highest-ROI automation tasks you can implement in under an hour, and EventBridge Scheduler with Lambda is the cleanest way to do it without third-party tooling. TL;DR: EC2 Schedule Stop/Start Setup Component Role Key Detail EventBridge Scheduler Triggers Lambda on cron schedule Timezone-aware, no CloudWatch Events needed Lambda Function Calls EC2 start/stop API One function handles both actions via input payload IAM Role (Lambda) Authorizes EC2 API calls Scoped to specific instance IDs IAM Role (Scheduler) Allows Scheduler to invoke Lambda Separate from Lambda execution role Stop Schedule 7 PM local time, weekdays cron(0 19 ? * MON-FRI *) in your timezone Start Schedule 9 AM local tim...

EC2 High Network I/O but Low CPU: Diagnosing Traffic with CloudWatch and VPC Flow Logs

You're staring at an EC2 instance that feels sluggish — page loads are slow, API responses are dragging — but CloudWatch shows CPU sitting at 10%. The instinct is to blame the application, but the real bottleneck is somewhere in the network layer. This post walks through how to use CloudWatch network metrics and VPC Flow Logs to trace exactly where the traffic is going and what's causing the slowdown. TL;DR: EC2 High Network I/O Diagnosis Step Tool What You're Looking For 1. Confirm network saturation CloudWatch EC2 metrics NetworkIn/NetworkOut spike vs. baseline 2. Check instance bandwidth cap EC2 instance type specs Baseline vs. burst network throughput 3. Identify traffic direction CloudWatch NetworkPacketsIn/Out Asymmetric packet counts suggest specific patterns 4. Trace source/destination VPC Flow Logs Top talkers, unexpected destinations, rejected traffic 5. Correlate with applicati...

How to Make CloudFront Serve Your S3 Website with a Custom Domain and HTTPS

You have a static site sitting in S3, a CloudFront distribution in front of it, and a domain registered in Route 53 — but the moment you try to attach a custom domain with HTTPS, the process branches into ACM certificate validation, CloudFront alternate domain names, and Route 53 alias records, all of which have to be wired together in the right order or the whole thing silently fails. TL;DR: Custom Domain + HTTPS on CloudFront Step What You Do Why It Matters 1 Request ACM certificate in us-east-1 CloudFront only reads ACM certs from us-east-1, regardless of your origin region 2 Add CNAME validation record to Route 53 ACM must verify domain ownership before issuing the cert 3 Attach the issued cert to CloudFront and add the alternate domain name (CNAME) CloudFront will reject HTTPS requests for domains not listed as CNAMEs 4 Point Route 53 alias record to the CloudFront distribution Alias records resolve ...