← Back to case studies

Case Study 03

Low-cost static hosting architecture for a real business

How a traditional business got a fast, secure and maintainable web presence using static architecture, S3, Cloudflare and Terraform.

2026 · 6 min read
  • AWS S3
  • Cloudflare
  • Terraform
  • Static Hosting
  • Security

Summary

A traditional business needed a professional online presence: fast, secure, easy to maintain and with almost no operating cost.

The answer was not a heavy CMS, a server, a database or a platform with monthly fees. The right architecture was static hosting: S3 for origin storage, Cloudflare for DNS, CDN and TLS, Terraform for repeatable infrastructure and a restricted origin path.

Context

This was a real business need, not a portfolio experiment. The site had to be useful for my father's work, which meant the solution needed to be reliable without creating operational overhead.

The human part mattered, but the engineering requirement was still simple: solve the actual problem with the lowest long-term maintenance burden.

Visible Problem

The business needed a credible website, but the risk was choosing an architecture that created more work than value.

Option 01

Website builder. Fast to start, but tied to a platform and monthly cost.

Option 02

Traditional hosting. Familiar, but unnecessary for a simple static presence.

Option 03

Static architecture. Lower moving parts, lower cost and easier reliability.

Architecture

The architecture keeps the origin simple and moves delivery concerns to Cloudflare. S3 stores static files, Cloudflare handles DNS, CDN, TLS and cache, and Terraform keeps infrastructure changes explicit.

Static hosting architecture for Casa Lucho using Cloudflare, S3, Terraform and restricted bucket policy
Static hosting architecture used as-is: visitors reach Cloudflare, cache misses go to S3, Terraform manages deployment and bucket policy restricts direct origin access.

Key Decisions

  • Use static files because the site did not need server-side rendering or a database.
  • Use S3 as a low-cost origin for HTML, assets and optimized images.
  • Use Cloudflare for DNS, CDN, TLS and cache behavior.
  • Use Terraform so the infrastructure could be reviewed and recreated.
  • Restrict direct S3 access so the public path stays through Cloudflare.

Security Considerations

A small website does not need complex security, but it still needs the right boundaries. The important part was avoiding a publicly exposed origin and keeping the deployment process repeatable.

Restricted origin

Bucket policy limits direct access and keeps Cloudflare as the intended public entry point.

No runtime surface

No server, no database and no admin panel means fewer moving parts to patch or monitor.

Performance and Cost

Lighthouse

98/100 on the measured page.

LCP

1.4s with optimized static delivery.

Cost

Practically zero using S3 low usage and Cloudflare free tier.

Trade-offs

Static architecture is not always the answer. It is the right answer when the content is mostly informational, updates are controlled and the business does not need dynamic backend behavior.

The trade-off is accepting a simpler content workflow in exchange for lower operational cost, better performance and fewer failure modes.

Result

  • A fast and professional web presence for a real business.
  • Almost no runtime infrastructure to operate.
  • Repeatable deployment with Terraform and AWS CLI.
  • Secure-enough delivery path for the actual risk profile.

View live site →

Lesson Learned

The best architecture is not the most complex one. It is the one that solves the right problem with the lowest operational cost.

Tap outside the image to close