Static S3 Website with Terraform.

March 06, 2025

In this post, I walk through deploying a static S3 website on AWS using Terraform, assessing security with Prowler, and highlighting key takeaways.

Today's lab focused on creating a static website hosted on AWS S3 using Terraform.

I’ve used Terraform before, so after configuring my AWS credentials, I quickly set up the infrastructure in VSCode.

Once deployed, I used Prowler to run a security check on my AWS account, and unsurprisingly, the S3 website had some security gaps.

Key Takeaways:

Infrastructure as Code (IaC) with Terraform automates setup, making it repeatable and versioned.

Prowler is an open-source security tool for AWS, Azure, Google Cloud, and Kubernetes to assess security, perform audits, and recommend fixes.

S3 bucket security is crucial: ensure public access is blocked, apply strict permissions, enable logging, and use encryption to safeguard sensitive data.

Follow my journey

Get my latest thoughts, posts and project updates in your inbox. No spam, I promise.