Kennedy Mota

Sharing ideas that might help you

15 Jan 2024

Blog Architecture

My blog

In case anyone is wondering how this blog works, I will explain below.

Could it be built in a simpler way? Yes. But I wanted to do it this way to learn about the integrations, mainly GitHub with AWS.

Architecture

Below is the technical drawing of the architecture, which I detail in the sections that follow.


Hugo

I’m using the Hugo framework as the core of this blog because it’s one of the simple ways I found to get started without having to do a lot of work configuring different things. I was looking for something simple and light, and Hugo proved that to me.

Integrations

I am using some integrations to deliver files within AWS securely.

The main one, which distributes my content to the S3 bucket in my account, is GitHub Actions: after a PR (Pull Request) to the “main” branch of my repository is approved, the build and deploy flow for the static content runs.

Example of a workflow to be used in your GitHub repository:

name: Deploy HUGO

on:
  pull_request:
    types: closed
    branches: main

env:
  AWS_REGION: "us-east-1"

# Permission can be added at job level or workflow level
permissions:
  id-token: write   # This is required for requesting the JWT
  contents: read    # This is required for actions/checkout

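jobs:
  build:
    name: Build and Deploy
    # Deploy only when the PR was merged; "closed" also fires for PRs closed without merging
    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest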
    steps:

      - name: Checkout Repository Credentials
        uses: actions/checkout@v3

      - name: Setup Hugo
        uses: peaceiris/actions-hugo@v2
        with:
          hugo-version: "0.121.2"

      - name: Build minified pages
        run: hugo --gc --minify

      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: <<YOUR_ARN_ROLE_WITH_ACTIONS>>
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ env.AWS_REGION }}
        
      - name: Sync public directory with S3 bucket
        run: |
          aws s3 sync ./public s3://<<YOUR_BUCKET_S3>> --delete

Here we use an IAM Role, which the workflow takes on through Assume Role, to grant the GitHub repository the permissions it needs to insert objects into the bucket.

To learn how to create and configure your IAM Role for GitHub, see this AWS post.
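The role's trust policy decides which GitHub workflows may assume it, so it is worth checking before use. The script below is an added example, not code from this blog or from AWS: it audits a trust policy for the GitHub OIDC provider and compares a weak policy with a hardened one. The account ID, repository name and both sample policies are constructed placeholders, and the pinned subject assumes the pull_request trigger used above with no deployment environment.

```python
import json

PREFIX = "token.actions.githubusercontent.com:"

def _values(cond, claim):
    """Yield (operator, value) pairs for one OIDC claim; condition keys are case-insensitive."""
    for op in ("StringEquals", "StringLike"):
        for key, val in cond.get(op, {}).items():
            if key.lower() == PREFIX + claim:
                for v in (val if isinstance(val, list) else [val]):
                    yield op, v

def audit_trust_policy(policy, repo):
    """Return findings for the GitHub OIDC statements of an IAM role trust policy."""
    findings = []
    stmts = policy.get("Statement", [])
    for st in ([stmts] if isinstance(stmts, dict) else stmts):
        principal = st.get("Principal")
        federated = str(principal.get("Federated", "")) if isinstance(principal, dict) else ""
        if st.get("Effect") != "Allow" or "oidc-provider/" + PREFIX[:-1] not in federated:
            continue  # not a GitHub OIDC trust statement
        cond = st.get("Condition", {})
        if "sts.amazonaws.com" not in [v for _, v in _values(cond, "aud")]:
            findings.append("aud is not pinned to sts.amazonaws.com")
        subs = list(_values(cond, "sub"))
        if not subs:
            findings.append("no sub condition: any GitHub repository can assume this role")
        for op, sub in subs:
            if not sub.startswith(f"repo:{repo}:"):
                findings.append(f"sub '{sub}' is not scoped to {repo}")
            elif op == "StringLike" and ("*" in sub or "?" in sub):
                findings.append(f"sub '{sub}' uses a wildcard; pin the exact subject")
    return findings

def make_policy(condition):
    """Build a constructed trust policy (placeholder account ID) around a Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + PREFIX[:-1]},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

REPO = "example-owner/example-blog"  # hypothetical repository, not the author's
WEAK = make_policy({"StringEquals": {PREFIX + "aud": "sts.amazonaws.com"}})
HARDENED = make_policy({"StringEquals": {
    PREFIX + "aud": "sts.amazonaws.com",
    PREFIX + "sub": f"repo:{REPO}:pull_request"}})

if __name__ == "__main__":
    for name, policy in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, json.dumps(audit_trust_policy(policy, REPO), indent=2))
```

To audit a real role, pass the trust policy JSON loaded with json.load together with your own OWNER/REPO.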

To reinforce: there are several ways to make this happen, and I chose this one because it forced me to learn a little more about how IAM Roles and other services work.

We will continue in the next post…

To the next!