From GitHub to Production: Deploying a Next.js Website on AWS
June 4, 2026
From GitHub to Production: Deploying a Next.js Website on AWS
Most developers start by deploying websites to platforms like Vercel or Netlify. They're fantastic tools, and for many projects they're exactly the right choice.
But sooner or later, every developer becomes curious about what happens behind the scenes.
Recently, I set up a complete production deployment pipeline for a client project using AWS. The goals were simple:
- Keep hosting costs low
- Own the entire infrastructure
- Automate deployments
- Deliver content globally through a CDN
The final architecture turned out to be surprisingly elegant:
GitHub
↓
GitHub Actions
↓
Next.js Static Export
↓
Private S3 Bucket
↓
CloudFront CDN
↓
Custom Domain
No servers. No SSH. No manual uploads.
Every merge to the main branch automatically deploys the latest version of the website.
Why AWS Instead of Vercel?
This isn't about replacing Vercel.
In fact, Vercel is often the best option for many projects.
However, for this project I wanted full ownership of the infrastructure, hands-on AWS experience, minimal recurring hosting costs, and a deployment pipeline I completely understood.
For a mostly static website, Amazon S3 and CloudFront make an excellent combination.
Building a Static Next.js Website
The website was built using Next.js.
Since the project consisted primarily of informational pages, there was no need to run a Node.js server.
Next.js supports static exports through:
const nextConfig = {
output: "export",
};
export default nextConfig;
Running npm run build generates an out directory containing everything required to serve the website without a backend server.
Hosting the Website in Amazon S3
The first instinct many developers have is to make the S3 bucket public.
That approach works, but it's no longer considered best practice.
Instead, the bucket remains private.
Users
↓
CloudFront
↓
Private S3 Bucket
Only CloudFront is granted permission to access the bucket.
Direct access to S3 is blocked entirely.
This architecture improves security while still allowing the website to be served publicly.
Adding CloudFront
CloudFront sits in front of S3 and acts as the public entry point.