The Indestructible Frontend Stack

Serverless Hosting with AWS

In a world of one-click deployments and "magic" hosting platforms, there is still immense value in building things yourself. For the engineer who craves total control, infinite scalability, and near-zero costs, there is no better architecture than the AWS Serverless hexagram: S3, CloudFront, Route 53, ACM, Lambda, and

This isn't just about hosting a static HTML file; it's about building an enterprise-grade infrastructure that can survive a viral traffic spike without flinching.

Here is how we build the "Pro" stack at sevenseven.tech.

Figure 1: The Indestructible Architecture. Traffic is routed via Route 53 to CloudFront for static assets, while dynamic requests (Contact Form) are handled by a serverless Lambda function.

1. The Vault: Amazon S3

Everything starts with storage. But we aren't using S3’s "Static Website Hosting" feature. That feature is HTTP-only and requires your bucket to be public.

Instead, we use a Private Bucket. We block all public access and use Origin Access Control (OAC). This ensures that no one can access your files directly from S3; they must go through the front door (CloudFront). This hides your origin and secures your data.
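
As an added illustration (not code from sevenseven.tech), this Node.js check audits a bucket policy against the pattern described above: no public principal, and read-only access granted to the CloudFront service principal pinned to one distribution. The bucket name, account ID and distribution ID are constructed placeholders.

```javascript
// Added example: audit an S3 bucket policy for the private-bucket + OAC pattern.
// Bucket name, account id and distribution id are constructed placeholders.
const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function auditBucketPolicy(policy, expectedDistributionArn) {
  const findings = [];
  let oacGrant = false;
  for (const st of toArray(policy.Statement)) {
    if (st.Effect !== "Allow") continue;
    const sid = st.Sid || "(no Sid)";
    const p = st.Principal;
    const services = p && typeof p === "object" ? toArray(p.Service) : [];
    const isPublic = p === "*" || (p && typeof p === "object" && toArray(p.AWS).includes("*"));
    if (isPublic) {
      findings.push(`${sid}: Principal "*" lets anyone read the bucket directly`);
      continue;
    }
    if (services.includes("cloudfront.amazonaws.com")) {
      // Without a SourceArn condition, any CloudFront distribution could front this bucket.
      const eq = (st.Condition || {}).StringEquals || (st.Condition || {}).ArnEquals || {};
      const key = Object.keys(eq).find((k) => k.toLowerCase() === "aws:sourcearn");
      const arns = key ? toArray(eq[key]) : [];
      if (arns.length === 1 && arns[0] === expectedDistributionArn) oacGrant = true;
      else findings.push(`${sid}: CloudFront grant is not pinned to ${expectedDistributionArn}`);
      if (toArray(st.Action).some((a) => a.toLowerCase() !== "s3:getobject"))
        findings.push(`${sid}: grants more than s3:GetObject`);
    }
  }
  if (!oacGrant) findings.push("no statement grants the expected CloudFront distribution access");
  return findings;
}

// Constructed samples: the OAC policy shape, and a public-read policy of the
// kind S3 static website hosting requires.
const DIST_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID";
const oacPolicy = { Version: "2012-10-17", Statement: [{
  Sid: "AllowCloudFrontOAC", Effect: "Allow",
  Principal: { Service: "cloudfront.amazonaws.com" },
  Action: "s3:GetObject", Resource: "arn:aws:s3:::example-site-bucket/*",
  Condition: { StringEquals: { "AWS:SourceArn": DIST_ARN } },
}]};
const websiteHostingPolicy = { Version: "2012-10-17", Statement: [{
  Sid: "PublicRead", Effect: "Allow", Principal: "*",
  Action: "s3:GetObject", Resource: "arn:aws:s3:::example-site-bucket/*",
}]};

console.log(auditBucketPolicy(oacPolicy, DIST_ARN));
console.log(auditBucketPolicy(websiteHostingPolicy, DIST_ARN));
```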

2. The Front Door: CloudFront

CloudFront is the Content Delivery Network (CDN) that caches your site at over 600 Edge Locations globally. Whether your user is in Zagreb or New York, the website loads from a server physically close to them. Crucially, CloudFront allows us to use a custom domain instead of the classic S3 URL. It handles the SSL termination (using a free certificate from ACM) and provides free DDoS protection via AWS Shield Standard.

3. The Brains: Serverless Compute & SES

A static site is fast, but it can’t keep secrets (like API keys) and it can’t send emails on its own. To add dynamic functionality, like our Contact Form, we need a backend. But we don't want to manage a server just to send an email. We solve this by combining AWS Lambda with Amazon Simple Email Service (SES).

The Compute: Lambda on ARM

We deploy a standard Node.js Lambda function to handle form submissions. To optimize for performance and cost, we explicitly configure this function to run on the ARM64 architecture (AWS Graviton2).

  • Why ARM? It provides better price-performance than standard x86 functions, so we can process requests faster and more cheaply.

The Courier: Amazon SES

When a user submits the contact form, the flow is secure and serverless:

  1. Trigger: The frontend sends the form data (JSON) to our Lambda function.
  2. Validation: The Lambda securely verifies the reCAPTCHA token with Google. This validation happens on the server side, keeping our secret keys hidden from the browser.
  3. Dispatch: Once the request is verified, the Lambda invokes Amazon SES.
  4. Delivery: SES, which is optimized for high deliverability, sends the formatted email directly to our support@sevenseven.tech inbox.

This setup ensures that we never miss a message, our IP reputation remains high, and spammers are blocked by the reCAPTCHA validation before they ever touch our email quotas.
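
The four-step flow above, written out as an added example rather than the site's actual Lambda code: input is validated, the reCAPTCHA token is checked server-side, and mail is only sent after both pass. The names makeHandler, verifyToken, sendEmail and RECAPTCHA_SECRET are assumptions, as is an event whose body is the JSON string posted by the frontend; the field limits are illustrative.

```javascript
// Added example: contact-form flow (validate -> verify reCAPTCHA -> send mail).
// makeHandler, verifyToken, sendEmail and RECAPTCHA_SECRET are assumed names;
// event.body is assumed to be the JSON string sent by the frontend.
const MAX = { name: 100, email: 254, message: 5000 };
const reply = (statusCode, msg) => ({ statusCode, body: JSON.stringify({ message: msg }) });

// Returns cleaned fields, or null if anything is missing, oversized or malformed.
function validateForm(raw) {
  let data;
  try { data = JSON.parse(raw); } catch { return null; }
  if (!data || typeof data !== "object") return null;
  const out = {};
  for (const field of ["name", "email", "message", "token"]) {
    const v = data[field];
    if (typeof v !== "string" || v.trim() === "") return null;
    if (field in MAX && v.length > MAX[field]) return null;
    out[field] = v.trim();
  }
  // name and email end up in mail headers: reject CR/LF to stop header injection
  if (/[\r\n]/.test(out.name + out.email)) return null;
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(out.email)) return null;
  return out;
}

// Server-side check against Google's siteverify endpoint; the secret stays in Lambda.
async function verifyWithGoogle(token) {
  const res = await fetch("https://www.google.com/recaptcha/api/siteverify", {
    method: "POST",
    body: new URLSearchParams({ secret: process.env.RECAPTCHA_SECRET, response: token }),
  });
  return res.ok && (await res.json()).success === true;
}

function makeHandler({ verifyToken, sendEmail }) {
  return async (event) => {
    const form = validateForm(event.body);
    if (!form) return reply(400, "invalid form data");
    let human = false;
    try { human = await verifyToken(form.token); } catch { /* fail closed */ }
    if (!human) return reply(403, "captcha verification failed");
    // In Lambda, sendEmail would wrap the SES SendEmail API call.
    await sendEmail({ replyTo: form.email, subject: `Contact form: ${form.name}`, text: form.message });
    return reply(200, "sent");
  };
}

// Offline demo with stub dependencies (constructed input): a failed captcha yields 403.
const demo = makeHandler({ verifyToken: async () => false, sendEmail: async () => {} });
demo({ body: '{"name":"Ana","email":"ana@example.com","message":"Hi","token":"t"}' }).then(console.log);
```

In a deployed function, pass verifyWithGoogle as verifyToken and a wrapper around the SES SendEmail call as sendEmail.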

4. The Identity: Route 53

Finally, Route 53 acts as the phonebook. By using Alias Records, we point the domain directly to the CloudFront distribution. Unlike standard DNS CNAMEs, Alias records allow AWS to route traffic internally, which is faster and often free for queries to AWS resources.


Why this is the ultimate hosting setup

You might ask: "Why configure six services when I could use just one?" The answer lies in the Trinity of Resilience, Security, and Cost.

1. Stability & Resilience

This architecture is purely serverless. There is no operating system to patch, no Apache server to restart, and no single point of failure. S3 offers 99.999999999% (11 9s) of durability. If your site suddenly goes viral, CloudFront and Lambda scale instantly to handle the load. Your site effectively cannot crash.

2. Cybersecurity Advantages

By keeping your S3 bucket private and fronting it with CloudFront, you reduce your attack surface significantly.

  • Secret Management: Your sensitive keys (like reCAPTCHA secrets) live in the backend Lambda, never exposed to the client.
  • DDoS Proof: AWS Shield Standard runs silently in the background.
  • No Server Access: Since there are no EC2 instances, there are no SSH ports open to the world and no servers to hack.

3. The "Almost Free" Tier

Perhaps the best part is the price. AWS offers generous free tiers that renew every month (always-free) or for the first 12 months.

  • S3: The first 5GB of storage is covered by the standard free tier.
  • CloudFront: AWS offers 1TB of data transfer out per month for free forever.
  • Lambda: You get 400,000 GB-seconds of compute time per month. By using ARM architecture, your paid usage (if you ever reach it) is ~20% cheaper than x86.
  • SES: The AWS Free Tier usually allows 62,000 emails per month when invoked from Lambda.

In our case, hosting this entire architecture, including storage, global CDN, DNS, and email automation, costs us around $0.45 USD per month. You are getting enterprise-grade infrastructure (the same tech Netflix and Amazon use) for less than the price of a coffee.

Bonus: Infrastructure as Code

Does setting all this up sound like a headache? It doesn't have to be.

By defining this entire stack in Terraform, we can spin up the complete environment, buckets, distributions, DNS records, and Lambda functions, in a matter of minutes. This ensures that our "Indestructible Stack" isn't just powerful; it's reproducible, version-controlled, and ready to deploy at a moment's notice.


Need this architecture for your business?

While Terraform makes deployment faster, designing a secure, cost-optimized cloud environment requires experience. If you need help migrating your website or want to build your own "Indestructible Stack" without the learning curve, we are here to help.

Contact us at support@sevenseven.tech or send us a message via our contact form.