Portfolio platform build note

Static Portfolio Deployment Workflow

The deployment workflow uses a dedicated least-privilege IAM user, AWS CLI sync, and CloudFront invalidations to update the static portfolio quickly without broad account access.

Status Implemented site feature
AWS focus
S3CloudFrontAWS CLIIAMPowerShell
UI
Local site folder Client
S3
S3 private origin bucket S3
CF
CloudFront distribution CloudFront
AWS
jakecollyer.cloud

Problem

Manually uploading static files through the console is slow and error-prone. A portfolio site should be easy to update without granting a deploy key full administrator access.

Design

  • A dedicated IAM user is limited to the portfolio bucket and CloudFront distribution.
  • A PowerShell deploy script runs aws s3 sync from the local site folder.
  • CloudFront invalidation clears cached pages after deploy.
  • The script excludes private policy templates and the non-public application resume PDF.

Security decision

The access key is not an admin key. It exists only to deploy static files and create invalidations. That keeps daily publishing convenient while limiting blast radius.