Optimize Global Web Performance with AWS CloudFront

🚀 Built a Serverless Task Manager on AWS I recently built and deployed a fully serverless web application using S3, CloudFront, API Gateway, Lambda, and DynamoDB. This project helped me go beyond just building — I debugged real-world issues like: • CORS errors • API routing failures (“Missing Authentication Token”) • IAM permission issues • CloudFront caching It was a great hands-on experience in understanding how real cloud systems behave in production. 🔗 Sharing the complete step-by-step blog (with architecture + fixes): https://lnkd.in/diGpx8cC Would love your feedback and suggestions 🙌 #aws #serverless #cloudcomputing #devops #lambda #dynamodb #apigateway #cloudfront #amazons3 #cloudwatch #webdevelopment #backend #frontend #fullstack #cloudengineer #learningbydoing #debugging #techprojects #buildinpublic #awsprojects

“Your system is slow… let’s scale it.” This is the most expensive sentence in Amazon Web Services. Last week, we faced a serious performance issue. - Slow APIs. Rising response times. Pressure from users. - And as expected, the suggestions started coming in: 🚀 Add more EC2 instances 🚀 Increase infra capacity 🚀 Introduce more services Basically… throw money at the problem. But I disagreed. Instead of scaling, I asked one simple question: “Are we sure the system is optimized?” So I started digging. Here’s what I found: • Inefficient MySQL queries doing full scans • Same API being called multiple times unnecessarily • Missing caching where it actually mattered No major architectural flaw. Just small inefficiencies… compounding into a big problem. So we fixed only what was needed: ✔ Query optimization ✔ Smart caching ✔ Removed redundant calls And the result? ⚡ Massive performance improvement 📉 Lower server load 💰 Zero increase in AWS cost No scaling. No extra infra. No over-engineering. This is the truth most teams ignore: 👉 Scaling hides problems, optimization solves them Before you scale your system, ask yourself: “Am I fixing the problem… or just covering it up?” #AWS #CloudComputing #PerformanceOptimization #Backend #DevOps #SoftwareEngineering

Last week we thought our product was finally “taking off”. Traffic on AWS Load Balancer was going up every hour. We didn’t run any big campaign… but still, numbers looked great. For a moment, we were happy. Then we checked actual users. Nothing changed. Something felt off. So we started digging. 1. First checked app logs → nothing useful 2. Then ingress logs → a bit weird 2. Then Load Balancer logs → yeah… something’s wrong It wasn’t users. It was bots. A lot of them. Same endpoints getting hit again and again Random user agents No real behavior — just hammering requests And the worst part? They were quietly increasing our AWS bill. -- Just fixed it step by step: 1/ Put AWS WAF in front and enabled basic bot + rate limiting 2/ Blocked a few obvious IP ranges 3/ Added rate limits on Kubernetes ingress 4/ Added some basic checks in backend (nothing crazy) Within a few hours: Traffic dropped (the fake one) Costs dropped Server felt lighter Honestly, the scary part is: If we didn’t check deeper, we would’ve celebrated "growth" that wasn’t even real. Not all traffic is good traffic. #aws #kubernetes #devops #buildinpublic

💡 Your standby Regions shouldn't cost the same as your primary. Now they don't have to. 👉 https://go.aws/47WpdUP Amazon DocumentDB 5.0 global clusters now support serverless instances. Your secondary Regions can run at minimal capacity during normal operations & auto-scale only when traffic demands—or when a failover occurs. #AmazonDocumentDB What this changes for multi-Region builders: 🔹 Up to 10 secondary Regions, each scaling independently via DocumentDB Capacity Units (DCUs) 🔹 Failover promotion to full read/write capability in under one minute 🔹 No more pre-provisioning instances sized for worst-case scenarios across every Region This is especially relevant for #Serverless multi-Region architectures — SaaS platforms, multi-tenant workloads & apps with time-zone-driven usage peaks. Pair with AWS Lambda & Amazon API Gateway for a fully serverless stack. Honest tradeoff: If your secondary Regions handle consistent heavy read traffic, provisioned instances may still be more cost-effective. Serverless shines brightest when standbys are mostly idle. #Database Check out the demo walkthrough below. 👇

A client came to us with a Video Automation Platform deployed on AWS that was crashing under load & traffic. Users upload a video, it gets posted to Facebook, Instagram, LinkedIn and more. Simple idea. But the infrastructure behind it was a ticking time bomb. Here is what was happening: Every time someone uploaded a large video, the server would download it locally, run FFmpeg to optimize it, then re-upload it to S3. One user? Fine. Three users at the same time? The disk fills up. Server crashes. Client gets angry emails. The junior dev who built it did not think about concurrency. Not a blame game, it is just one of those things you only realize when real users show up. So I rebuilt the processing pipeline. The fix was moving FFmpeg off the EC2 server entirely and onto AWS Lambda with an S3 event trigger. Now the flow looks like this: User uploads video to S3 under a raw/ prefix. S3 automatically triggers a Lambda function. Lambda runs FFmpeg in its own isolated environment with 10GB of temp storage. The optimized file lands in optimized/ prefix. Raw file gets deleted. EC2 never touches the video again. The key insight is that every Lambda invocation is completely isolated. 10 users uploading at the same time means 10 separate Lambda containers running in parallel. No shared disk. No memory pressure. No crashes. I also added a size threshold. Videos under 300MB get copied directly without FFmpeg since the optimization benefit does not justify the processing time. Only heavy files go through compression. The result: a pipeline that scales horizontally without any changes to the EC2 server, at a cost of roughly $0.005 per video processed. Sometimes the fix is not more RAM or a bigger server. It is moving the right work to the right place. If your backend is doing heavy processing synchronously and you are starting to feel the pain of scale, this pattern is worth looking at. #AWS #NodeJS #CloudArchitecture #Serverless #WebDevelopment #Lambda #AWS_Lambda #Scaling #Cloud

Introduction AWS Elastic Beanstalk simplifies the process of deploying and scaling web applications. You upload your code, and Elastic Beanstalk handles capacity provisioning, load balancing, auto scaling, and application health monitoring. Elastic...

Phase 4 of my AWS project is complete — and my food app just survived a full Availability Zone failure. Here's what I built across 3 days and 9 mistakes: The setup — Application Load Balancer routing traffic across 2 EC2 instances in 2 different AZs. If AZ-a goes down, everything automatically shifts to AZ-b. Zero downtime. Users notice nothing. The mistakes that taught me the most: ALB was silently using the wrong security group. AWS auto-attached the default VPC SG instead of my custom one. Every health check request was being dropped at the network layer before Node.js even saw it. Increasing timeout did nothing. Finding the actual attached SG fixed it in 30 seconds. React was hardcoded to the EC2 IP. Adding an ALB doesn't automatically update your frontend code. Three files, three find-and-replace operations. Switched to relative paths (/api/...) so it works behind any load balancer forever. RDS security group was using IP addresses. When EC2 restarts, IPs change. When Auto Scaling adds instances, their IPs won't be in the rule. Fixed by referencing the EC2 security group directly instead — dynamic, automatic, correct. Final result — 4/4 targets healthy across both AZs. ALB distributing traffic. AZ failover tested and confirmed working. What's still missing — HTTPS (Phase 5), EC2 in private subnets, Auto Scaling (Phase 4B next session). Full breakdown with the animated architecture diagram on Medium https://lnkd.in/gujXAvWu #AWS #CloudEngineering #DevOps #HighAvailability #LearningInPublic

I am glad to share that our latest blog on the AWS Networking & Content Delivery - focused on Financial Services, especially Capital Markets - has been published. This piece is co-authored by me, Sourav Bhattacharjee and Lucas R. (formerly with AWS Service Team, now at Microsoft). The blog dives into a very real and often overlooked challenge faced by capital market customers or customer with similar traffic pattern: How to handle Application Load Balancer (ALB) scaling during peak trading hours, while also managing cost efficiency during low-traffic periods, when ALBs remain underutilized but still running with high LCUs. It’s a practical exploration of balancing performance and cost in highly dynamic trading environments, something many FSI customers struggle with. A big thanks to Harpreet Sachdeva, Prakash Shah (ex-AWS, now at Microsoft), Ramanan Kannan, Sasi Kiran Malladi, Tom Adamski, Suresh Sala, Manikhanth Katti, Manjunath M N, and Hemanth kumar Mangalore for your valuable inputs that helped bring this blog to live. Would love for you to give it a read and share your thoughts. And yes, for those wondering, the GenAI-flavoured perspective on this topic is coming soon in next series. https://lnkd.in/gBmcidQq

I thought I understood AWS. Then I deployed everything… and nothing worked. • EC2 running, but no internet • Load balancer up, but traffic still failing • Website updated, but changes not showing • API live, but returning errors with no logs That’s when it clicked: I didn’t understand AWS. I just knew how to follow steps. So I changed how I approached it. Instead of thinking in services (EC2, S3, Lambda), I started thinking in systems: • where requests actually go • how failures show up to users • what depends on what • how security boundaries shape everything Over the past few weeks I built: • a custom VPC with public/private subnet design and controlled access (including bastion host access to private instances) • a multi-AZ load balanced system with proper traffic isolation and resilience • a CDN-backed static site with caching, HTTPS, security headers, and CI/CD (GitHub Actions → S3 + CloudFront invalidation) • a serverless API with API Gateway, Lambda, DynamoDB, IAM least-privilege, observability (CloudWatch), and production-style controls (API keys, rate limiting, custom domain) But the real learning wasn’t building it. It was debugging it. Full repo + breakdown: https://lnkd.in/efjUeB9C #AWS #DevOps #CloudEngineering #PlatformEngineering #SRE

What does a highly available cloud architecture actually look like behind modern web platforms and APIs? To explore this, I designed and deployed a highly available Amazon Web Services (AWS) infrastructure using Terraform, focusing on how real systems manage traffic, security, scalability, observability, and cost optimization in production environments. The architecture includes: • A custom Amazon VPC with public and private subnets across multiple Availability Zones • Controlled internet access through an Internet Gateway • Web application protection using AWS WAF • Intelligent traffic distribution via an Application Load Balancer • Scalable backend compute with Amazon EC2 Auto Scaling • Secure instance management using AWS Systems Manager Session Manager • Monitoring and observability through Amazon CloudWatch • Load balancer access logs stored in Amazon S3 To allow private instances to access the internet securely for updates and external API calls, a NAT Gateway is deployed in the public subnet. This allows backend servers in private subnets to download updates and communicate with external services without being directly exposed to the internet. To balance reliability and cost efficiency, the architecture uses a single NAT Gateway shared across private subnets, rather than deploying one per availability zone. The logging bucket in Amazon S3 also includes: • Versioning enabled to recover objects in case of accidental deletion • Lifecycle policies that move older logs to cheaper storage tiers for cost optimization Beyond hosting web applications, this infrastructure pattern can also power highly available API services. Backend servers running frameworks such as Node.js, Django, or Flask could process requests like: GET /api/v1/payments GET /api/v1/orders POST /api/v1/ride-request Incoming requests follow this production-grade flow: Internet → AWS WAF → Application Load Balancer → Auto Scaling EC2 instances This ensures the system can scale automatically, remain resilient during traffic spikes, and stay protected against common web threats. Architectures like this are commonly used by global platforms such as: 🎬 Streaming services like Netflix 🛒 E-commerce platforms like Amazon 🚗 Mobility platforms like Uber 🏡 Online marketplaces such as Airbnb 💳 Digital payment platforms like Stripe These platforms rely on scalable infrastructure patterns that distribute traffic across multiple servers while maintaining high availability and strong security controls. This project created more clarity around: • Designing highly available cloud infrastructure • Infrastructure as Code using Terraform • AWS networking and traffic flow • Observability and logging strategies • Cost optimization techniques in cloud environments Full Terraform code and documentation available on GitHub, in the comment. Feedback from cloud engineers and architects is always welcome. #AWS #CloudArchitecture #Terraform #DevOps #SolutionsArchitect