A Terraform module that provisions a Ghost blog with Umami analytics on AWS Lightsail, secured and accelerated by Cloudflare.
Published alongside https://clegginabox.co.uk/enterprise-architecture-for-a-blog-nobody-reads

It includes:

- AWS Lightsail instance running Ghost CMS and Umami analytics via Docker Compose
- Cloudflare Tunnel for secure connectivity without exposing ports
- Cloudflare CDN, caching, WAF rules, and Zero Trust access control
- Cloudflare R2 for media storage
- AWS S3 backup buckets with cross-region replication
- AWS SES for transactional email
- AWS SSM for secrets management

This is a reference implementation created as part of a blog post. It is not intended for production use without modification.

Requirements:

- Terraform >= 1.10.0
- AWS account
- Cloudflare account with a domain
- Pre-existing KMS keys for encryption

License: MIT