Shipping this site is a two-layer process. Terraform stands up the AWS infrastructure, and Trellis provisions the server and performs atomic, zero-downtime deploys of the application. Each layer is independent, versioned, and repeatable, so a rebuild is never a guessing game.
Infrastructure as code
A single Terraform stack defines the VPC, the EC2 instance and its Elastic IP, the IAM role the application uses to reach S3, the private uploads bucket, and the CloudFront distribution that serves media from a custom domain. Every resource is tagged consistently, so the entire environment can be found — and destroyed — from one place when it is no longer needed.
Zero-downtime releases
Each deploy clones the repository into a fresh release directory, installs Composer dependencies, compiles the Sage theme with Vite, and only then flips a symlink to the new release. Visitors never see a half-built site, because the switch is atomic and happens after the build has fully succeeded.
Rollbacks and configuration
Because each release lives in its own directory, rolling back is a matter of pointing the symlink at the previous one — no rebuild required. Secrets never live in the repository: database credentials, salts, and API keys are encrypted with Ansible Vault and rendered into the environment at deploy time, so the same codebase runs safely across development, staging, and production.
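The symlink switch and rollback from the two sections above, as an added example (not Trellis's own deploy code). The `releases/<id>` and `current` layout, the function names, and release ids that sort chronologically are assumptions, and `mv -T` requires GNU coreutils.

```bash
#!/usr/bin/env bash
# Added illustration, not Trellis's deploy code. Layout and names are assumed.
# Requires GNU coreutils for `mv -T`.

# activate_release ROOT ID: atomically repoint ROOT/current at releases/ID.
activate_release() {
  local root=$1 id=$2 tmp
  [ -d "$root/releases/$id" ] || { echo "no such release: $id" >&2; return 1; }
  tmp="$root/current.tmp.$$"
  # Create the new link under a temporary name, then rename it over "current".
  # rename(2) is atomic: a request resolves either the old or the new release.
  # `ln -sfn` on its own unlinks and recreates, leaving a brief gap.
  ln -s "releases/$id" "$tmp" || return 1
  mv -T "$tmp" "$root/current"
}

# deploy ROOT ID CMD...: build in a fresh directory, switch only if CMD succeeds.
deploy() {
  local root=$1 id=$2 dir
  shift 2
  dir="$root/releases/$id"
  mkdir -p "$dir" || return 1
  if ! ( cd "$dir" && "$@" ); then
    rm -rf "$dir"   # a failed build is discarded and never becomes "current"
    return 1
  fi
  activate_release "$root" "$id"
}

# rollback ROOT: repoint current at the release just before the active one.
rollback() {
  local root=$1 active prev="" d
  active=$(readlink "$root/current") || return 1
  active=${active##*/}
  # Globs expand in sorted order, so the entry seen before the active
  # release is the previous one (assumes timestamp-style ids).
  for d in "$root"/releases/*/; do
    d=${d%/}; d=${d##*/}
    [ "$d" = "$active" ] && break
    prev=$d
  done
  [ -n "$prev" ] || { echo "no earlier release to roll back to" >&2; return 1; }
  activate_release "$root" "$prev"
}
```

Rollback touches nothing but the link, which is why it needs no rebuild; old release directories must be pruned separately, keeping at least the previous one.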
Deploys are boring — on purpose
Build, test, symlink, reload. No manual steps, no surprises, and the previous release stays put for an instant rollback.