Chevre, this week’s parsha is Tzav (צו) and Shabbat HaGadol. Shabbat HaGadol (the Great Shabbat) is the Shabbat before Pesach (Passover). So you’ve been warned. This week’s parsha goes into detail around the sacrifices offered in the Mishkan (Tabernacle) and Temple. I thought it would be fun to dive into the details of how I write and publish this Dvar Torah.
I’m currently writing this on Dropbox Paper. I moved from Quip many years ago so that I own the content and don’t have to worry about losing data should I eventually leave Amazon (at 67, retirement?). When I’m finished, I’ll export this to the local computer as a markdown file. I will have already authenticated to my personal AWS account via SSO (Identity Center). I have a script that takes all the files in that directory and pushes them to a 3 day S3 bucket. I have several of these buckets in different regions (and I have similar in my work account). They have a 3 day lifecycle policy so I can use them as a temp space to move files around (hat tip to Ronen Slasky for this idea).
I have an EC2 instance that is part of my personal DNS infrastructure (pi-hole + unbound). That EC2 has IAM permissions for a few extra things that I use. I have a script that displays a list of the objects in the 3 day S3 bucket and I can select the one I want by number (I have similar scripts for easy downloading). This script, however, downloads the markdown to /tmp/ and then uploads it to Dropbox (again so I have a running archive as an extreme backup) and shares a URL with an SQS queue. (I’m sure there are those yelling at your screens telling me to use an S3 Pre-signed URL. I found that with the short-lived access I’m using, the links weren’t valid long enough to complete what I needed).
The SQS Queue triggers a Lambda (container based on graviton) that downloads the markdown, and adjusts required headers so the outputted website is consistent and has all the required time stamps, etc. The file is then pushed to an S3 bucket, in the Clouded Torah AWS Account. This bucket contains the source markdowns for the website. The addition of an object to this bucket triggers another Lambda (container based on graviton) in the Clouded Torah AWS Account. All the Lambdas I’m using here are containers because they are running Bash scripts and running them as containers is the easiest and most effective way for them to consistently work. And the Clouded Torah website is based in the Ohio region because at the time I built this process (June 2024) some features/functions were not available in the Israel region. I believe I couldn’t use an Israeli bucket as a CloudFront origin.
The website is built using Hugo (at the recommendation of Maish Saidel-Keesing). The Lambda downloads all the source from the S3 bucket, runs hugo to process it into a website. This makes all the pages, all the links, the RSS feed, etc etc. And the entire page is static, so super simple. The website has R53 for DNS and CloudFront + S3. That’s it. So the Lambda finishes compiling the updated static page and pushes that to the CloudFront Origin S3 bucket in the Clouded Torah AWS Account. This makes the changes public, but not yet visible. The Lambda next pushes a CloudFront invalidation for the index page, RSS feed file and sitemap. Once that is completed, the updated pages are visible in CloudFront. Finally, the Lambda sends a completion message to an SQS queue in my primary account that notifies me the deployment is complete.
The S3 buckets are small. The source bucket is 100MB and the origin bucket is 70MB. CloudTrail in the account is bigger at 210MB. Most of my S3 costs are from CloudFront requests and the S3 costs for Feb were $0.18. R53 came in at $0.51 and ECR was $0.06. The biggest cost is the AMI I keep around so I can update the Lambda if I ever needed. That cost $2.89 for Feb. I actually had to spin up an EC2 with the AMI to verify everything the deploy Lambda was doing. Overall, the Cost to run the website is under $4.00 a month.
The deploy Lambda takes about 84 seconds to run. The push Lambda takes about 30 seconds to run. So the whole process from initial send to Deploy Complete is under 3 min. Given that I do that first and then manually copy/paste the Dvar Torah to the other locations (Whatsapp, a few Slack locations in and out of Amazon, Discord, Twitter and BlueSky), the deployment completes in the background as I’m doing the manual copy/paste.
This was fun for me to write up, I hope you enjoyed. Shabbat Shalom.