So, I went back to european-alternatives.eu. One more provider there seemed to have the services I was looking for most, and a Terraform provider: Scaleway. Scaleway is a French hosting company that has offered cloud services for about 10 years now. So, I felt confident enough to give it a try.
Registering an account with Scaleway was quite straightforward. Within about 5 minutes I had set up my account and was ready to deploy my first resources. Naturally I wanted to start with this very site, documenting my progress. So I wrote some Terraform code to create an object bucket and declare it publicly readable, as well as a definition of its contents as a static website.
Of course Terraform code is nice, but in order to deploy it I will need some way to authenticate from my terminal (and pipeline, but let's begin with a local deployment). Alright, let's explore Scaleway's Identity and Access Management:
This is most of the IAM architecture of Scaleway. It's not a lot. There are no short-lived credentials, there are no roles, no identity federation, no OIDC integration for pipelines... Setting up secure, scalable access for developers, maintainers and for CI/CD pipelines will be a pain with this system. I really hope this will be improved soon. For this project, it's fine for now. I generate API keys for myself and start a deployment.
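With only static API keys available, one way to limit exposure for a pipeline is a dedicated IAM application with a narrowly scoped policy and a key that expires. The following is an added example, not the author's code: the resource names, the `project_id` variable and the 30-day window are assumptions, and it covers Object Storage only, not the edge service.

```hcl
# Added example. Names, the variable and the rotation window are assumptions.
terraform {
  required_providers {
    scaleway = { source = "scaleway/scaleway" }
    time     = { source = "hashicorp/time" }
  }
}

variable "project_id" {
  type        = string
  description = "Scaleway project that holds the website bucket (placeholder)"
}

# A non-human identity for the pipeline, separate from any user's own keys.
resource "scaleway_iam_application" "site_deployer" {
  name        = "site-deployer"
  description = "CI identity for deploying the static site"
}

# Scope the application to one project and one product.
resource "scaleway_iam_policy" "site_deployer" {
  name           = "site-deployer-object-storage"
  application_id = scaleway_iam_application.site_deployer.id

  rule {
    project_ids          = [var.project_id]
    permission_set_names = ["ObjectStorageFullAccess"]
  }
}

# Moves forward every 30 days, which forces the key below to be replaced.
resource "time_rotating" "deploy_key" {
  rotation_days = 30
}

# expires_at cannot be changed in place, so each rotation creates a new key.
resource "scaleway_iam_api_key" "site_deployer" {
  application_id     = scaleway_iam_application.site_deployer.id
  description        = "Pipeline key, rotated by Terraform"
  default_project_id = var.project_id
  expires_at         = time_rotating.deploy_key.rotation_rfc3339
}

output "deploy_secret_key" {
  value     = scaleway_iam_api_key.site_deployer.secret_key
  sensitive = true
}
```

The secret key ends up in the Terraform state, so the state backend needs the same protection as the key itself, and `terraform apply` has to run again before the expiry date or the pipeline loses access.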
Soon my website is up, as I have also registered a domain with another provider: shevek.eu. I keep this registration external to the cloud provider I'm using, as I want the possibility to deploy separate parts of the same root domain in different cloud providers if I want to during this experiment. The Terraform code deploys quickly, and once I point my DNS to the new bucket, my page loads in a browser!
Except of course, that I do not have an SSL certificate yet, so most browsers aren't happy to open it. Can Scaleway help me to obtain a certificate? Yes, but through another service. I first need to add a cache distribution to my website, and then as part of this "edge service" I can also add a certificate. That's fine, a distribution is a good idea anyway!
The Terraform repository has an extremely helpful example for an edge service pipeline that has all the necessary components. Can I just deploy this?
So it seems that in order to deploy an edge service pipeline, I first need to pick a subscription. I would probably prefer to pay by usage for now, but 1 euro per month is quite manageable. So, I sign up and deploy a pipeline from Terraform. The deployment works, but there seems to be some kind of problem.
What? This is the first time I'm genuinely perplexed and frustrated. Why can't I serve a root domain from an edge service? It might have something to do with Scaleway's specific method of Let's Encrypt certificate validation. But they also offer using an imported certificate! Why can't I just use a root domain?
Fine: this page won't be shevek.eu then, but blog.shevek.eu. Now I want to put the Terraform seriously to the test: can I make the changes to the bucket and distribution? Do all resources need to be replaced? I empty the bucket, change all references to the domain, and run the Terraform...
The bucket is replaced without any problem. But the edge service can't even be planned: I get a 403. I suspect that I'm running into the limitation of the Starter edge service subscription. If I'm only allowed one pipeline, it needs to be deleted before it can be recreated. This takes some more time, which means this project takes a few more days to actually be released to you, the public, as I'm working on this in spare hours in the evening if I can find them.
But now here it is! An object storage bucket, with a static website, an edge distribution, all configured through Terraform, on a European cloud provider. It took me about 8 hours from first reading about Scaleway to this point, and a few hours of those were brushing up on HTML/CSS to stop your eyes from bleeding too much.