This isn't just a portfolio. It's a fully deployed cloud project built on AWS, served via CloudFront, secured with ACM, and continuously deployed from GitHub. Here's exactly how I built it, what went wrong, and what I learned.
Every git push triggers an automatic build and deploy. No manual steps are needed.
Netlify and Vercel are excellent platforms. They are faster to set up and completely free for personal projects. So why go through the effort of deploying on AWS?
The honest answer: I'm transitioning into cloud engineering. Deploying on AWS, even for a static site, forces me to understand IAM, SSL certificates, CDN configuration, and CI/CD pipelines in a way that clicking "deploy" on Netlify never would. Every friction point is a learning opportunity.
When a recruiter or hiring manager visits pavankrishna.dev, they're not just reading about my AWS skills. They're loading a site that runs on AWS infrastructure I configured myself. That's a different kind of credibility.
Here's exactly what I did, in order, to get from a local HTML file to a live HTTPS website.
The entire site is plain HTML, CSS and JavaScript, with no frameworks, no build tools and no dependencies. This keeps it fast, simple to deploy, and easy to maintain. Files include index.html, impressum.html, privacy.html, common.css, index.css, legal.css, common.js and index.js.
Instead of using the root AWS account, I created a dedicated IAM user called amplify-deploy with only the permissions needed: AdministratorAccess-Amplify and AmazonRoute53FullAccess. This follows the principle of least privilege, a core AWS security best practice.
Initialised a git repository, committed all files and pushed to GitHub. This is the source of truth. Amplify watches this repository and deploys automatically on every push.
In the Amplify console, I connected the GitHub repository, selected the main branch, and let Amplify auto-detect the build settings. Since this is plain HTML with no build command needed, the output directory was simply set to /.
Amplify built and deployed the site automatically, assigning a temporary URL at main.xxxxx.amplifyapp.com. The site was already live and served over HTTPS via CloudFront at this point.
Added the custom domain pavankrishna.dev in Amplify using Manual configuration (not Route 53 automatic setup, due to Free Tier limitations). Amplify provided two DNS records to add in Namecheap: one CNAME for SSL verification and one ALIAS record pointing the apex domain to CloudFront.
Deleted the existing parking page records in Namecheap Advanced DNS, then added the two records from Amplify. DNS propagation completed within a few minutes and the domain was live at pavankrishna.dev with a valid SSL certificate.
Nothing goes perfectly on the first try. Here are the real problems I hit and how I fixed them.
When trying to add the custom domain, Amplify threw an error: "User amplify-deploy is not authorized to perform route53:ListHostedZones". The automatic hosted zone creation failed because my IAM user didn't have Route 53 permissions.
Went to IAM → Users → amplify-deploy → Add permissions → Attached AmazonRoute53FullAccess policy. Then retried the domain activation in Amplify. It worked immediately.
Amplify's recommended "Create hosted zone on Route 53" option was blocked with the error: "Free Tier accounts are not supported for this service". This prevented the one-click domain setup.
Switched to Manual configuration instead. This meant manually copying the DNS records Amplify provided and adding them in Namecheap's Advanced DNS panel. More steps, but it works perfectly and costs nothing extra.
Namecheap had two default records on the domain: a CNAME pointing to their parking page and a URL redirect record. These would have conflicted with the new Amplify records.
Deleted both existing records first, then added the two Amplify records cleanly. Order matters here. Always remove conflicting records before adding new ones.
One of the most practical questions in cloud engineering: what's the bill? Here's the honest breakdown for running this portfolio on AWS.
| Service | What it does | Monthly cost |
|---|---|---|
| AWS Amplify Hosting | Build minutes + hosting (free tier: 1000 build mins/month, 15 GB served) | ~€0 |
| CloudFront CDN | Content delivery, which Amplify uses automatically | ~€0 |
| ACM SSL Certificate | HTTPS, free when used with CloudFront | €0 |
| IAM | User and permissions management | €0 |
| Domain (Namecheap) | pavankrishna.dev, 3 year registration | ~€4/month |
| Total | Full HTTPS portfolio on AWS global CDN | ~€4/month |
The AWS costs are effectively zero within free tier limits. For a personal portfolio with low traffic, this will stay free for a long time. The only real cost is the domain registration, which would be the same on any platform.
Never use the root account for deployments. Creating a dedicated IAM user with only the permissions needed is the right habit to build from day one.
When every git push deploys automatically, you start committing more carefully and thinking about changes in smaller, safer increments.
The Route 53 permission error looked scary at first. But reading the error message carefully pointed directly to the fix: attach the right IAM policy and retry.
Under the hood, Amplify is running S3, CloudFront and ACM. Understanding what those services do makes you a better user of the abstraction layer on top.
A globally distributed, HTTPS-secured, auto-deploying website costs effectively nothing on AWS free tier. Understanding the billing model is as important as understanding the architecture.
Writing this page forced me to fully understand every step I took. If you can't explain it clearly, you don't fully understand it yet.