Hello
thank you very much for the blog post.
I would like to suggest a few points to go forward:
- It’s not a good practice to go live with a public S3 bucket: for high availability and security it’s better to have CloudFront in front of S3
- It’s not a good practice to access the S3 bucket with an IAM user: it’s highly recommended to assign a role to the EC2 instance.
- (Optional) Do not deploy on EC2; choose something more cloud “oriented”: ECS Fargate, Beanstalk, App Runner
I am trying to build such an AWS infrastructure here … with Terraform: GitHub - pagopa/cms-infra: Infrastructure to host the PagoPa headless CMS
It’s still a work in progress.