A minimal, production-ready template for deploying Astro sites to AWS. Get a professional static site infrastructure up and running in minutes.
- Clean Astro installation with single
index.astrostarter page - Tailwind CSS 4.x pre-configured and ready to use
- Automatic sitemap generation
- Optimized build configuration for AWS S3
- S3 static website hosting with AES-256 encryption and public access blocks
- CloudFront CDN with SSL/TLS, security headers, and caching optimization
- Route 53 DNS management and domain configuration
- ACM SSL certificate with automatic DNS validation
- IAM least-privilege deployment permissions
- One-command deployment:
npm run deploy - Automatic CloudFront cache invalidation
- Health checks and deployment verification
- Environment configuration with validation
- Comprehensive error handling and rollback
- OpenTofu/Terraform configuration included
- Version controlled infrastructure state
- Repeatable deployments across environments
- Easy infrastructure updates and rollbacks
# Clone the template (replace with your repo URL after creating from template)
git clone https://github.com/richhaase/astro-on-aws-template.git your-site-name
cd your-site-name# Run the setup script to configure your site
npm run setupThe setup script will prompt for:
- Project name (
my-awesome-site) - Domain name (
mysite.com) - Project title (
My Awesome Site) - Description (
An amazing website built with Astro) - Author information (name, email, twitter)
- AWS region (
us-east-1,us-west-2, etc.)
# Install all dependencies
pnpm install# Start Astro dev server
cd site
npm run devYour site will be available at http://localhost:4321 with hot-reloading.
- Configure AWS credentials (AWS CLI, environment variables, or IAM roles)
- Create Terraform state bucket (one-time setup):
# Create S3 bucket for Terraform state aws s3 mb s3://your-project-terraform-state --region us-east-1
# Deploy AWS infrastructure (S3, CloudFront, Route 53, etc.)
npm run infra:apply# Build and deploy your site
npm run deployThat's it! Your site will be live at your custom domain with SSL, CDN, and professional hosting.
βββ site/ # Astro application
β βββ src/
β β βββ pages/
β β β βββ index.astro # Your starting page
β β βββ styles/
β β βββ global.css # Tailwind CSS imports
β βββ public/ # Static assets
β βββ package.json
β βββ astro.config.mjs # Optimized for AWS deployment
βββ infra/ # AWS infrastructure (OpenTofu/Terraform)
β βββ main.tf # Infrastructure configuration
β βββ variables.tf # Customizable variables
β βββ s3.tf # S3 bucket and policies
β βββ cloudfront.tf # CDN configuration
β βββ route53.tf # DNS configuration
β βββ acm.tf # SSL certificate
βββ scripts/ # Deployment automation
β βββ deploy.js # Site deployment script
β βββ infra.js # Infrastructure management
β βββ health.js # Health check utilities
β βββ setup.js # Template initialization
βββ .env.example # Environment configuration template
βββ template.config.js # Template settings and variables
cd site
npm run dev # Start Astro dev server
npm run build # Build for production
npm run preview # Preview production buildnpm run deploy # Deploy site to AWS
npm run health # Check site healthnpm run infra:init # Initialize Terraform
npm run infra:plan # Preview infrastructure changes
npm run infra:apply # Deploy infrastructure
npm run infra:destroy # Destroy infrastructureCreate different environments by copying and modifying configuration:
# Development environment
cp .env.example .env.dev
# Edit .env.dev with dev-specific values
# Production environment
cp .env.example .env.prod
# Edit .env.prod with production values
# Deploy to specific environment
NODE_ENV=dev npm run deploy
NODE_ENV=prod npm run deploy- S3 Server-Side Encryption with AES-256 and bucket key enabled (99% cost reduction)
- S3 Public Access Blocks preventing accidental public bucket exposure
- CloudFront Security Headers (CSP, HSTS, X-Frame-Options, X-Content-Type, Referrer-Policy)
- HTTPS Everywhere with secure redirects and SSL/TLS certificates
- CloudFront Origin Access Control restricting S3 access to CDN only
- IAM least-privilege access for deployments
- Environment file security with proper gitignore patterns
- No local state files - all Terraform state stored securely in S3
- CloudFront CDN with global edge locations
- Optimized caching for static assets
- Compressed HTML and automatic minification
- Modern image formats and optimization
- Clean URLs without .html extensions
Domain not resolving:
- DNS propagation can take 24-48 hours
- Verify Route 53 name servers match domain registrar
SSL certificate pending:
- Ensure DNS is configured correctly for validation
- Certificate validation can take 10-30 minutes
Deployment fails:
- Check AWS credentials are configured
- Verify S3 bucket permissions
- Ensure CloudFront distribution is deployed
Site not updating:
- CloudFront caching may be serving old content
- Run
npm run deployto trigger cache invalidation
- Check the logs:
npm run health -- --verbose - Verify infrastructure:
npm run infra:plan - Review AWS documentation
MIT License - see LICENSE file for details.
Built for developers who want professional AWS hosting without the complexity.