Amazon Web Service – Foundations of Infrastructure as Code

Introduction

This post showcases a collection of short-form, production-relevant CloudFormation templates I’ve built to demonstrate my practical experience with AWS Infrastructure as Code (IaC). Each template targets a specific use case — from serverless automation to scheduled database tasks — and is designed for clarity, modularity, and reusability. All templates are available in my GitHub repository, complete with documentation and deployment instructions.

CloudFormation Templates

Static Website From S3

This CloudFormation template provisions an AWS S3 bucket configured to host a static website. It includes versioning, server-side encryption, public read access, and a website configuration block for index and error pages.

What it Does

• Creates an S3 bucket with:
  • Static website hosting enabled
  • Versioning and AES-256 encryption
  • Bucket ownership and public access settings configured
• Applies a Bucket Policy to allow public read access
• Outputs the website endpoint URL after deployment

EC2 Hello World with NGINX

This CloudFormation template provisions an Amazon EC2 instance running NGINX, pre-configured to display a simple “Hello, World” message. It also sets up a security group allowing HTTP and SSH access.

What it Does

• Launches a t2.micro EC2 instance using the Amazon Linux 2023 AMI
• Installs and starts NGINX via EC2 UserData
• Creates a basic HTML page at the root web directory
• Configures a security group that allows inbound HTTP (port 80) and SSH (port 22)
• Outputs the public IP address of the instance

Lambda Function with API Gateway

This CloudFormation template provisions an AWS Lambda function fronted by a REST API using Amazon API Gateway. The function is configured with basic logging permissions and returns the received request body as a JSON response.

What it Does

• Creates a Lambda function using Python 3.11
• Attaches a basic IAM role with CloudWatch logging permissions
• Sets up an API Gateway REST API with a /hello endpoint
• Configures an HTTP POST method to proxy requests to the Lambda function
• Outputs the fully qualified API endpoint URL after deployment

Lambda to DynamoDB via API Gateway

This CloudFormation template provisions a complete serverless backend that allows external HTTP clients to write data to a DynamoDB table via an AWS Lambda function. The function is exposed through an API Gateway POST endpoint and writes data directly to a DynamoDB table using the AWS SDK.

What it Does

• Creates a DynamoDB table with a simple id primary key
• Deploys a Python-based AWS Lambda function that accepts POST data and writes it to DynamoDB
• Sets up an API Gateway REST endpoint at /write to trigger the Lambda
• Provides IAM permissions for logging and DynamoDB access
• Outputs the public API endpoint and resource names

Aurora Cluster Automation – Scheduled Restore & Delete

This CloudFormation template provisions a complete serverless backend that allows external HTTP clients to write data to a DynamoDB table via an AWS Lambda function. The function is exposed through an API Gateway POST endpoint and writes data directly to a DynamoDB table using the AWS SDK.

What it Does

• Creates two AWS Lambda functions:
  • One to restore a cluster from a snapshot
  • One to delete the cluster automatically
• Schedules both functions to run daily using Amazon EventBridge
• Grants necessary IAM permissions to manage RDS resources
• Passes environment variables securely to the Lambda functions
• Accepts inputs for custom identifiers, security group, and subnet group