Ravenhelm.ai Landing Page

Enterprise AI Platform public landing page hosted on AWS with multi-environment support.

Overview

Static marketing website for the Ravenhelm AI Platform, deployed to AWS using Infrastructure as Code (Terraform) with automated CI/CD via GitLab.

Environment	URL	Purpose
Production	ravenhelm.ai	Live public site
Staging	hrafngrima.com	Testing and iteration

Repository: gitlab.ravenhelm.dev/nwalker85/ravenhelm-ai
AWS Account: 122441748701
Infrastructure: Terraform-managed (S3 + CloudFront + Route53 + ACM)

Architecture

┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│   Domain        │────▶│   Route53 DNS   │────▶│   CloudFront    │────▶│   S3 Bucket     │
│                 │     │  (A Records)    │     │  (CDN + SSL)    │     │ (Static Files)  │
└─────────────────┘     └─────────────────┘     └─────────────────┘     └─────────────────┘
                                                          │
                                                          ▼
                                                  ┌─────────────────┐
                                                  │  ACM Certificate│
                                                  │   (SSL/TLS)     │
                                                  └─────────────────┘

Key Design Decisions:

Multi-environment: Separate staging (hrafngrima.com) and production (ravenhelm.ai)
CloudFront CDN: Global distribution with low latency
Origin Access Control (OAC): Secure S3 access (no public bucket)
ACM Certificate: Free SSL/TLS per environment
SPA Routing: Custom error responses (404/403 → index.html)
Infrastructure as Code: All resources managed via Terraform with environment variables

Environment Comparison

Component	Production	Staging
Domain	ravenhelm.ai (+ www)	hrafngrima.com
S3 Bucket	ravenhelm-ai-production	ravenhelm-ai-staging
CloudFront ID	E2YTY7OV4W9IG8	E1TEKAJATN6ZWV
Route53 Zone	Z05231381KXISHXRO16K3	Z04724101B40OLA2FQVFP
Cache TTL	3600s (1 hour)	60s (faster iteration)
Deploy	Manual approval	Automatic on push

Infrastructure Components

1. S3 Buckets

Bucket	Purpose	Region
ravenhelm-ai-production	Production website files	us-east-1
ravenhelm-ai-staging	Staging website files	us-east-1

Configuration (both):

✅ Versioning enabled (rollback capability)
✅ Server-side encryption (AES256)
✅ Public access blocked (CloudFront-only via OAC)

2. CloudFront Distributions

Environment	Distribution ID	CloudFront Domain
Production	E2YTY7OV4W9IG8	(via ravenhelm.ai)
Staging	E1TEKAJATN6ZWV	d31p9xn316kwoe.cloudfront.net

Configuration:

Price Class: PriceClass_100 (US, Canada, Europe)
SSL Certificate: Environment-specific ACM certificate
HTTP → HTTPS: Redirect automatically
Custom Error Responses: 404/403 → /index.html (SPA routing)

Caching (staging vs production):

Staging: Shorter TTLs (60s default) for faster feedback
Production: Longer TTLs (3600s default) for performance

3. ACM Certificates

Environment	Domains	Status
Production	ravenhelm.ai, www.ravenhelm.ai	Issued
Staging	hrafngrima.com	Issued

Region: us-east-1 (required for CloudFront)
Validation: DNS validation via Route53 (automatic)

4. Route53 DNS

Hosted Zone	Domain	Zone ID
Production	ravenhelm.ai	Z05231381KXISHXRO16K3
Staging	hrafngrima.com	Z04724101B40OLA2FQVFP

5. Terraform State

Backend: S3 bucket ravenhelm-terraform-state
Region: us-east-1
Keys:

ravenhelm-ai/production/terraform.tfstate
ravenhelm-ai/staging/terraform.tfstate

CI/CD Pipeline

Pipeline Structure

┌──────────────┐     ┌──────────────┐     ┌──────────────┐     ┌──────────────┐
│   validate   │────▶│     plan     │────▶│    apply     │────▶│    deploy    │
│              │     │ (staging +   │     │  (manual)    │     │ (auto/manual)│
│              │     │  production) │     │              │     │              │
└──────────────┘     └──────────────┘     └──────────────┘     └──────────────┘

Jobs Overview

Job	Stage	Trigger	Description
terraform:validate	validate	terraform/** changes	Validates Terraform config
terraform:plan:staging	plan	terraform/** changes	Plans staging changes
terraform:plan:production	plan	terraform/** changes	Plans production changes
terraform:apply:staging	apply	Manual	Applies staging infra
terraform:apply:production	apply	Manual	Applies production infra
deploy:staging	deploy	public/** changes (auto)	Deploys to staging
deploy:production	deploy	Manual	Deploys to production
terraform:bootstrap:staging	apply	Manual	Initial staging setup
terraform:bootstrap:production	apply	Manual	Initial production setup

Deployment Flow

For content changes (public/):**

Push to main → Automatically deploys to staging
Review at https://hrafngrima.com
Manually trigger deploy:production when ready

For infrastructure changes (terraform/):**

Push to main → terraform:validate runs
terraform:plan:staging and terraform:plan:production run
Manually trigger terraform:apply:* to apply changes

GitLab CI Variables

Variable	Description	Protected	Masked
AWS_ACCESS_KEY_ID	AWS credentials	✅	❌
AWS_SECRET_ACCESS_KEY	AWS credentials	✅	✅

Development Workflow

Making Changes

Edit content: Modify files in public/
Push to main: git push origin main
Staging auto-deploys: Site available at https://hrafngrima.com
Review changes: Check staging site
Deploy to production: Manually trigger deploy:production job

Local Testing

```bash cd /tmp/ravenhelm-ai/public python -m http.server 8000

Visit http://localhost:8000

```

Cache Invalidation

Both staging and production CloudFront caches are automatically invalidated on deployment. Manual invalidation:

```bash

Staging

aws cloudfront create-invalidation --distribution-id E1TEKAJATN6ZWV --paths "/*"

Production

aws cloudfront create-invalidation --distribution-id E2YTY7OV4W9IG8 --paths "/*" ```

Terraform Configuration

File Structure

``` terraform/ ├── main.tf # Main resources (S3, CloudFront, ACM, Route53) ├── variables.tf # Variable definitions and locals ├── outputs.tf # Output values └── environments/ ├── production.tfvars # Production settings └── staging.tfvars # Staging settings ```

Key Variables

Variable	Description	Production	Staging
environment	Environment name	production	staging
domain_name	Primary domain	ravenhelm.ai	hrafngrima.com
route53_zone_id	DNS zone ID	Z05231381KXISHXRO16K3	Z04724101B40OLA2FQVFP
include_www	Add www subdomain	true	false

Troubleshooting

Site Not Loading

Check CloudFront: Distribution may be deploying (up to 15 min)
Check ACM: Certificate may be validating
Check DNS: Nameservers may not have propagated

```bash

Check DNS resolution

dig ravenhelm.ai +short dig hrafngrima.com +short

Check certificate status (from CI job or AWS console)

```

Pipeline Failures

terraform:validate fails: Check Terraform syntax with terraform fmt -check
terraform:plan fails: Check AWS credentials in CI/CD variables
deploy: fails:* Check S3 bucket exists and CloudFront distribution is active

ACM Certificate Pending

If ACM certificate is stuck in "Pending validation":

Verify Route53 nameservers are set at domain registrar
Check DNS propagation: dig NS domain.com
Terraform will wait up to 75 minutes for validation

[[Getting-Started]] - RavenmaskOS overview
[[Infrastructure-Overview]] - Infrastructure map
[[GitLab-CI-CD]] - CI/CD documentation

Last updated: 2026-01-06

Overview​

Architecture​

Environment Comparison​

Infrastructure Components​

1. S3 Buckets​

2. CloudFront Distributions​

3. ACM Certificates​

4. Route53 DNS​

5. Terraform State​

CI/CD Pipeline​

Pipeline Structure​

Jobs Overview​

Deployment Flow​

GitLab CI Variables​

Development Workflow​

Making Changes​

Local Testing​