Technical notes

A full‑stack demo deployed on AWS free‑tier. Static‑first, accessible, and observable — all planned by me and built with the help of Cursor.

Frontend

Overview

Next.js + TypeScript, static export

  • React 18 — Server Components by default; Client Components where interactivity is needed
  • App Router, TypeScript strict, Tailwind v4
  • Static export (output: 'export') → S3 + CloudFront (OAC)
  • MDX for content; providerImportSource wiring
  • Dynamic imports for effects (e.g., liquid‑glass) to keep TTI fast
  • Hooks/state used sparingly; a11y + reduced‑motion respected
  • Editorial design tokens and components

Performance

Fast-first defaults

  • Static export with long TTLs for assets
  • Minimal deps; system fonts + one display family
  • Lighthouse CI workflow to catch regressions

Trade‑offs

Free‑tier & simplicity

  • Static export over SSR to reduce cost/complexity
  • DynamoDB over RDS to stay in free‑tier and keep ops light

LaTeX (Resume)

Two paths: HTML and PDF

  • Build‑time parsing of template.tex → structured HTML resume
  • Optional browser WASM compile (SwiftLaTeX) for on‑demand PDF; vendored engine + public sources work with static export

PWA Support

Favicons & manifest

  • Complete favicon set (ICO, SVG, PNG 96x96)
  • Apple touch icon (180x180) for iOS
  • Web app manifest for Android home screen
  • PWA icons (192x192, 512x512) with maskable support

Backend & Infra

API & Integration

Small, typed, and secure

  • API: HTTP API (GET /health, POST /contact)
  • Runtime: Lambda Node 20 (TS), esbuild bundling
  • Data: DynamoDB for submissions + rate limits
  • Email: SES notifications
  • CORS: Locked to prod/staging origins

AWS (CDK)

Secure by default

  • S3 private origin + CloudFront OAC
  • SPA fallback (403/404 → /index.html)
  • Security headers + CSP for flags and API
  • Outputs piped to GitHub Actions for deploys

Security & Rate Limiting

IP-Based Rate Limiting

Prevent spam and abuse

  • 3 submissions per IP per hour
  • 10 submissions per IP per day
  • DynamoDB tracking with 24h TTL expiration
  • Returns 429 Too Many Requests when exceeded
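
The limits above as fixed-window counters, in an added example that is not the project's own code. A Map stands in for the DynamoDB table, and the key layout, the function names and the retry hint are assumptions made here.

```typescript
// Added example. A Map stands in for the DynamoDB table; all names are hypothetical.
type RateCounter = { count: number; expiresAt: number }; // expiresAt = TTL attribute, epoch seconds
type CounterStore = Map<string, RateCounter>;

// Limits and TTL as stated on the page.
const LIMITS = [
  { name: "hour", windowSec: 3600, max: 3 },
  { name: "day", windowSec: 86400, max: 10 },
];
const TTL_SEC = 86400;

// The window index is part of the key, so a counter from an earlier window can never
// be read as current. TTL deletion is then only cleanup, and its timing does not
// affect correctness.
function bucketKey(ip: string, name: string, windowSec: number, nowSec: number): string {
  return `${ip}#${name}#${Math.floor(nowSec / windowSec)}`;
}

type Decision = { status: 200 | 429; retryAfterSec?: number };

function checkRateLimit(store: CounterStore, ip: string, nowSec: number): Decision {
  // Pass 1: read both windows and reject before writing, so blocked requests add no writes.
  for (const l of LIMITS) {
    const count = store.get(bucketKey(ip, l.name, l.windowSec, nowSec))?.count ?? 0;
    if (count >= l.max) {
      const windowEnd = (Math.floor(nowSec / l.windowSec) + 1) * l.windowSec;
      return { status: 429, retryAfterSec: windowEnd - nowSec };
    }
  }
  // Pass 2: count this submission in both windows. Against a real table this
  // read-then-write would need to be one atomic conditional update per counter,
  // otherwise concurrent requests can slip past the limit.
  for (const l of LIMITS) {
    const key = bucketKey(ip, l.name, l.windowSec, nowSec);
    const prev = store.get(key);
    store.set(key, {
      count: (prev?.count ?? 0) + 1,
      expiresAt: prev?.expiresAt ?? nowSec + TTL_SEC,
    });
  }
  return { status: 200 };
}
```

Fixed windows allow a short burst across a window boundary (up to 3 submissions just before the hour ends and 3 just after); the daily limit bounds the total.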

Input Validation

Strict enforcement

  • Max payload size: 10KB
  • Field length limits (name: 100, email: 100, message: 2000)
  • Email format validation
  • Input sanitization (removes control chars, null bytes)

CAPTCHA Ready

Cloudflare Turnstile

  • Component implemented, disabled by default
  • Enable via environment variable if needed
  • Free and privacy‑friendly
  • Auto‑verifies when disabled (no code changes)

Observability & Monitoring

CloudWatch Alarms

5 alarms monitoring

  • Lambda invocations >1000/hour
  • Lambda errors >10/hour
  • API 4xx errors >50/hour
  • API throttles >20 in 5 min
  • DynamoDB writes >100/hour

SNS Notifications

Real‑time alerts

  • Email notifications for all alarms
  • Immediate incident response capability
  • Track attack patterns and anomalies

Dashboard

CloudWatch metrics

  • Lambda invocations and errors
  • API Gateway requests and errors
  • Real‑time traffic visualization
  • Historical trend analysis

Projects Architecture

Expandable Tech Details

Inline showcase

  • Click to expand technical architecture on project cards
  • Shows stack, architecture overview, and highlights
  • Smooth animations with reduced‑motion support
  • Accessible with proper ARIA attributes

Dedicated Detail Pages

/projects/[slug]

  • Deep‑dive pages for major projects
  • Tech stack breakdown by category
  • System architecture with component details
  • Challenges solved and performance metrics
  • Static generation via generateStaticParams

Cost Protection

Normal Traffic

$0/month

  • All services within AWS free tier
  • API Gateway: 1M requests free
  • Lambda: 1M requests, 400k GB‑seconds free
  • DynamoDB: 25 GB storage, 25 WCU/RCU free

Under Attack

~$2-3/month max

  • Rate limiting caps request volume
  • IP tracking prevents DynamoDB explosion
  • CloudWatch alarms enable quick response
  • Multi‑layer protection prevents runaway costs

Without Protection

$50-500+/month

  • Unlimited Lambda invocations
  • Unbounded DynamoDB writes
  • No alerting or cost caps
  • This architecture prevents this scenario

What’s next

  • Per‑PR previews via a staging distribution
  • Stronger CSP + Lighthouse budgets
  • CI “Print to PDF” artifact for the resume
  • AWS Budget alert automation (currently manual)