Your first production deployment shouldn’t cost you money. But it will cost you time—debugging SSL handshakes, wrestling with DNS routing, and staring at CORS errors at 2 a.m.
One developer did it anyway. Built a medical-grade platform (an EEG-based Alzheimer’s detection system called IPlusFlow) on AWS and Cloudflare infrastructure, with zero recurring costs. The live site is running at eeg.iplusflow.com. The lessons learned? Priceless, and worth stealing.
This isn’t a clickbait “free tier” story where you’re bottlenecked after 1,000 requests. This is a deliberate architectural choice that separates storage, compute, and traffic routing—the exact separation pattern Fortune 500 companies teach their engineers. And it costs nothing because the builder made smart decisions about where to use free tools and where to avoid unnecessary paid services.
The Zero-Cost Architecture That Scales
Here’s the stack:
Backend: FastAPI running on AWS Lambda via API Gateway (auto-scales, free tier covers a lot).
Frontend: Static files on Amazon S3 (free storage, essentially).
CDN: AWS CloudFront (catches the S3 traffic, distributes it globally).
DNS & Edge: Cloudflare (free tier, handles nameservers and DNS resolution).
Notice what’s not there? Route 53. AWS’s managed DNS service is excellent, but it costs money every month—roughly $0.50 per hosted zone. For a side project, that’s the difference between “free” and “not actually free.” The builder punted DNS entirely to Cloudflare’s free plan instead. One architectural decision, huge cost impact.
“Putting everything in one place is easier, but separating concerns scales better.”
That sentence sits at the heart of why this works. Most developers learning to deploy throw everything into a single VPC or a managed platform like Railway or Vercel (which is easier). But that doesn’t teach you how the real Internet works.
The Debugging Gauntlet: Where Things Went Wrong
Here’s where it gets real. Architecture on paper is pretty. Architecture in practice is where you learn.
Gotcha #1: CloudFront requires US-East-1 certificates. The backend was deployed in Mumbai (ap-south-1), so a wildcard SSL certificate was generated there. But when the builder tried to attach it to CloudFront (for the frontend), it vanished from the dropdown menu. Turns out CloudFront has a hard requirement: all certificates must live in us-east-1, regardless of where your infrastructure actually runs. So duplicate certificate. Duplicate regional infrastructure. It’s a quirk that isn’t obvious until you hit it.
Gotcha #2: Cloudflare proxy conflicts with AWS SSL. When the builder first set up DNS records in Cloudflare, they left proxy mode enabled (the orange cloud icon). Immediately: SSL handshake failures. The reason? Cloudflare was trying to re-handle HTTPS in the middle, but CloudFront and API Gateway were already terminating SSL with their own certificates. You had three layers trying to do the same job. The fix was disabling proxy mode (grey cloud). Let AWS handle SSL. Let Cloudflare handle DNS. Don’t mix concerns.
Gotcha #3: CORS and subdomains. The frontend (eeg.iplusflow.com) needed to upload files directly to S3 via presigned URLs from the API (api.iplusflow.com). Browsers treat those as different origins. Result: blocked uploads. The S3 bucket’s CORS policy had to explicitly whitelist the frontend origin and allow PUT requests. Small fix, massive time sink.
Why Keep CloudFront If Cloudflare Has a CDN?
Sounds redundant, right? Two CDNs? But it solves two actual problems that matter:
-
S3 stays private. Without CloudFront, the S3 bucket would need to be public to serve files. With CloudFront in front, you use Origin Access Control (OAC) to lock down the bucket completely. The bucket only trusts CloudFront. Everything else gets a 403. That’s not paranoia—that’s architecture.
-
SSL doesn’t become a nightmare. CloudFront speaks AWS’s certificate language natively. Trying to route Cloudflare directly to a private S3 bucket creates routing and SSL handshake complexity. Keep Cloudflare at the edge. Keep CloudFront at the content layer. Each service does one job well.
What This Actually Means for You
If you’re building something and want to understand how the Internet actually works—DNS resolution, SSL termination, CDN behavior—skip the one-click platforms for a bit. Build this. Hit these walls. Debug. The technical understanding you walk away with isn’t something a documentation page can hand you.
Zero-cost infrastructure isn’t the point. Understanding infrastructure is.
Yes, it takes longer. Yes, you’ll hit weird AWS regional requirements you didn’t expect. But you’ll also understand why big companies build things this way. You’ll know what “origin access control” means. You’ll know why CORS exists. You won’t be guessing anymore.
The code is public on GitHub (EEG-CNN-BiLSTM). The site is live. The architecture is replicated every day by companies that charge customers billions. The only difference is they have multiple people debugging it instead of one.
🧬 Related Insights
- Read more: Why Go Shops Are Adding Cross-Chain Swaps—And Why Most Will Get It Wrong
- Read more: Your Access Tokens Are Probably Broken (And Nobody’s Telling You)
Frequently Asked Questions
Can I really run production infrastructure for free on AWS?
Not indefinitely, but the free tier covers a lot more than people realize. Lambda has 1 million free requests per month. S3 is free for the first 12 months (50 GB storage). CloudFront has a free tier too. Where you pay is after you exceed those limits or when you use paid services like Route 53 unnecessarily. This setup avoids unnecessary paid services.
What happens when traffic grows and I exceed free tier limits?
Then you pay—but you’ll know exactly which services are costing you what. You won’t have architectural debt from choosing an expensive service early. You can optimize before costs spiral. That’s the real win.
Is this setup only for side projects?
No. The architecture pattern—separated storage, compute, and CDN—scales to millions of requests. The only change is cost optimization, not architectural rework. This is how production systems are built. You’re just running it cheaper.
