https://example.org/tags/aws/Recent content in Aws on Lazare's AWS BlogHugoen-usWed, 15 Apr 2026 00:00:00 -0700https://example.org/posts/deploy-hugo-s3-cloudfront-route53/Wed, 15 Apr 2026 00:00:00 -0700https://example.org/posts/deploy-hugo-s3-cloudfront-route53/<p>Deploying a Hugo static site on AWS gives you a fast, scalable, and cost-effective setup. In this guide, we&rsquo;ll walk through hosting your site on <strong>Amazon S3</strong>, distributing it globally via <strong>CloudFront</strong>, and pointing a custom domain using <strong>Route 53</strong>.</p> <h2 id="prerequisites">Prerequisites</h2> <p>Before starting, make sure you have:</p> <ul> <li>A built Hugo site (<code>hugo</code> command generates the <code>public/</code> folder)</li> <li>An AWS account with appropriate IAM permissions</li> <li>A domain name registered in Route 53 (or transferred there)</li> <li>The <a href="https://aws.amazon.com/cli/">AWS CLI</a> installed and configured</li> </ul> <hr> <h2 id="step-1-build-your-hugo-site">Step 1: Build Your Hugo Site</h2> <p>Run the Hugo build command to generate your static files:</p>https://example.org/posts/switch-github-aws-hard-coded-tokens-to-oidc/Wed, 15 Apr 2026 00:00:00 -0700https://example.org/posts/switch-github-aws-hard-coded-tokens-to-oidc/<p>If your GitHub Actions workflow talks to AWS using <code>AWS_ACCESS_KEY_ID</code> and <code>AWS_SECRET_ACCESS_KEY</code>, you are relying on long-lived credentials stored in GitHub secrets. That works, but it creates more secret management overhead than you need. A better approach is to use <strong>OpenID Connect (OIDC)</strong> so GitHub can request short-lived AWS credentials at runtime.</p> <p>In this guide, I&rsquo;ll walk through how to migrate a typical GitHub-to-AWS deployment from hard-coded tokens to OIDC. The pattern is especially useful for static site deployments, where GitHub Actions builds the site, uploads it to <strong>Amazon S3</strong>, and then invalidates <strong>CloudFront</strong>.</p>