So I finally got around to to deploying a TLS cert and HTTPS for this site. 

The front-end runs on an AWS stack as described on the front page. The source files are hosted in S3 and I use Route 53 for DNS resolution. A lambda function handles the contact page along with a graphql api supported by a DynamoDB table.

But S3 by itself doesn't support https and I wanted to make it all "official", so Cloudfront is the serverless way to do it. Getting the combination of config is a little tricky, but it wasn't too bad. You need to have two buckets, one for each domain, e.g. marcusdiaz.com and www.marcusdiaz.com. www forwards to the root domain and the root bucket holds the site files.

Cloudfront is configured to point to the S3 bucket and while there is a little bit of trick to it, you also configure it to forward http to https OR to use both or only https. Also, because of how Gatsby works, you need to rewrite the request headers so that a request to e.g. "marcusdiaz.com/writing" will Rewrite the request to "marcusdiaz.com/writing/index.html". To accomplish that, I used a CloudFront edge lambda function written in js to rewrite with the index.html added.

The site was pretty zippy before, but its even smoother now. The score on web.dev is high and I think the site looks reasonable nice, now. Next, I would like to turn it into a Terraform or Cloudformation template along with Webiny. I also still have ToDO to setup Codebuild to run a build and deploy whenever I add a blog post. Until then, I'll continue to build and deploy from my workstation.