Buffden · Buffden · Apr 7, 2026 · Apr 7, 2026
diff --git a/docs/architecture/00-baseline/adr/ADR-006-frontend-hosting-cdn.md b/docs/architecture/00-baseline/adr/ADR-006-frontend-hosting-cdn.md
@@ -63,7 +63,7 @@ Cost is mostly usage-based and typically low at early traffic:
 
 - S3 storage: low monthly baseline for static bundles
 - CloudFront: request and egress based (main cost driver as traffic grows)
-- Route53 hosted zone and DNS queries
+- Cloudflare DNS (free plan — no hosted zone cost)
 - ACM certificate for CloudFront: no additional certificate fee
 
 For low to moderate traffic, this is usually cheaper than keeping separate always-on compute for frontend serving.

diff --git a/docs/architecture/00-baseline/v1/url-shortener-v1-hld.excalidraw b/docs/architecture/00-baseline/v1/url-shortener-v1-hld.excalidraw
@@ -3282,14 +3282,14 @@
       "updated": 1774768897542,
       "link": null,
       "locked": false,
-      "text": "DNS Route53\ngo.buffden.com → ALB\ntinyurl.buffden.com → CloudFront",
+      "text": "DNS Cloudflare\ngo.buffden.com → ALB\ntinyurl.buffden.com → CloudFront",
       "fontSize": 9.407443073499568,
       "fontFamily": 5,
       "textAlign": "center",
       "verticalAlign": "top",
       "baseline": 11,
       "containerId": null,
-      "originalText": "DNS Route53\ngo.buffden.com → ALB\ntinyurl.buffden.com → CloudFront",
+      "originalText": "DNS Cloudflare\ngo.buffden.com → ALB\ntinyurl.buffden.com → CloudFront",
       "autoResize": true,
       "lineHeight": 1.2727272727272727
     },

diff --git a/docs/architecture/00-baseline/v1/url-shortener-v1-hld.puml b/docs/architecture/00-baseline/v1/url-shortener-v1-hld.puml
@@ -29,7 +29,7 @@ actor User
 
 ' ---------------- INTERNET ----------------
 package "Public Internet" #LightGray {
-    cloud "DNS\n(tinyurl.buffden.com)" as DNS
+    cloud "Cloudflare DNS\n(tinyurl.buffden.com)" as DNS
 }
 
 ' ---------------- AWS REGION ----------------

diff --git a/docs/architecture/00-baseline/v2/url-shortener-v2-hld.excalidraw b/docs/architecture/00-baseline/v2/url-shortener-v2-hld.excalidraw
@@ -5003,14 +5003,14 @@
       "updated": 1774769172658,
       "link": null,
       "locked": false,
-      "text": "DNS Route53\ngo.buffden.com → ALB\ntinyurl.buffden.com → CloudFront",
+      "text": "DNS Cloudflare\ngo.buffden.com → ALB\ntinyurl.buffden.com → CloudFront",
       "fontSize": 9.407443073499568,
       "fontFamily": 5,
       "textAlign": "center",
       "verticalAlign": "top",
       "baseline": 11,
       "containerId": null,
-      "originalText": "DNS Route53\ngo.buffden.com → ALB\ntinyurl.buffden.com → CloudFront",
+      "originalText": "DNS Cloudflare\ngo.buffden.com → ALB\ntinyurl.buffden.com → CloudFront",
       "autoResize": true,
       "lineHeight": 1.2727272727272727
     },

diff --git a/docs/architecture/00-baseline/v2/url-shortener-v2-hld.puml b/docs/architecture/00-baseline/v2/url-shortener-v2-hld.puml
@@ -29,7 +29,7 @@ actor User
 
 ' ---------------- INTERNET ----------------
 package "Public Internet" #LightGray {
-    cloud "DNS\n(tinyurl.buffden.com)" as DNS
+    cloud "Cloudflare DNS\n(tinyurl.buffden.com)" as DNS
 }
 
 ' ---------------- AWS REGION ----------------

diff --git a/docs/deployment/README.md b/docs/deployment/README.md
@@ -25,10 +25,10 @@
 
 ```
                     ┌─────────────────────────────────────────────┐
-                    │                  Route 53                    │
-                    │  buffden.com hosted zone (us-east-1)         │
-                    │  tinyurl.buffden.com  →  CloudFront (alias)  │
-                    │  go.buffden.com       →  ALB (alias)         │
+                    │         Cloudflare (DNS + Proxy)             │
+                    │  buffden.com nameservers                     │
+                    │  tinyurl.buffden.com  →  CloudFront (proxied)│
+                    │  go.buffden.com       →  ALB (proxied)       │
                     └──────────┬──────────────────────┬───────────┘
                                │                      │
                ┌───────────────▼──────┐   ┌───────────▼──────────────┐
@@ -56,10 +56,10 @@
 
 | Request | Route |
 |---|---|
-| `https://tinyurl.buffden.com` | Route 53 → CloudFront → S3 (Angular SPA) |
+| `https://tinyurl.buffden.com` | Cloudflare → CloudFront → S3 (Angular SPA) |
 | `https://tinyurl.buffden.com/*` | CloudFront → S3 → `index.html` (Angular router) |
-| `POST https://go.buffden.com/api/urls` | Route 53 → ALB → Nginx → Spring Boot → RDS |
-| `GET https://go.buffden.com/{code}` | Route 53 → ALB → Nginx → Spring Boot → 301/302 |
+| `POST https://go.buffden.com/api/urls` | Cloudflare → ALB → Nginx → Spring Boot → RDS |
+| `GET https://go.buffden.com/{code}` | Cloudflare → ALB → Nginx → Spring Boot → 301/302 |
 | `http://` any domain | Redirect to `https://` |
 
 ---
@@ -72,7 +72,7 @@
 | Backend | ALB → EC2 at `go.buffden.com` |
 | Short URL format | `https://go.buffden.com/{code}` |
 | API called by Angular | `https://go.buffden.com/api` |
-| DNS | Route 53 (delegated from Namecheap) |
+| DNS | Cloudflare (nameservers set at Namecheap) |
 | Region | `us-east-1` (N. Virginia) |
 | GitHub username | `buffden` |
 | Docker image | `ghcr.io/buffden/tinyurl-api` |
@@ -95,7 +95,7 @@
 | ALB | 1 load balancer | ~$18 |
 | S3 | <100 MB assets | <$1 |
 | CloudFront (SPA) | Low traffic | ~$1 |
-| Route 53 | 1 hosted zone | ~$1 |
+| Cloudflare | DNS + proxy (free plan) | $0 |
 | CloudWatch | Alarms + logs | ~$3 |
 | ACM / SSM | Free tiers | $0 |
 | **Total** | | **~$54/month** |

diff --git a/docs/hld/system-design/system-design.md b/docs/hld/system-design/system-design.md
@@ -20,7 +20,7 @@ The architecture is CloudFront-first at the edge, with backend services running
 
 | Component | Responsibility |
 | --- | --- |
-| DNS (Route 53) | Resolves `go.buffden.com` → ALB (API/redirects); `tinyurl.buffden.com` → CloudFront (Angular SPA). |
+| DNS (Cloudflare) | Resolves `go.buffden.com` → ALB (API/redirects); `tinyurl.buffden.com` → CloudFront (Angular SPA). Proxied — DDoS mitigation and WAF sit at the edge before traffic reaches AWS. |
 | AWS ALB | TLS termination, HTTP→HTTPS redirect, health checks, routes traffic to EC2 instances. |
 | CloudFront (SPA dist) | Serves Angular SPA from S3 origin with CDN caching and SPA fallback rules. |
 | Nginx | Reverse proxy inside EC2 Docker Compose. Routes requests to the Spring Boot app. |
@@ -52,7 +52,7 @@ The architecture is CloudFront-first at the edge, with backend services running
 ### Write Path (Create Short URL)
 
 1. Client sends `POST /api/urls` with original URL and optional expiry.
-2. Request passes through Route53 → ALB → Nginx → App.
+2. Request passes through Cloudflare → ALB → Nginx → App.
 3. App validates input (URL format, length).
 4. App generates `short_code` via DB sequence + Base62 encoding.
 5. App writes mapping to PostgreSQL.
@@ -62,7 +62,7 @@ The architecture is CloudFront-first at the edge, with backend services running
 ### Read Path (Redirect)
 
 1. Client accesses `GET /<short_code>` at `go.buffden.com`.
-2. Request passes through Route53 → ALB → Nginx → App.
+2. Request passes through Cloudflare → ALB → Nginx → App.
 3. (v2) App checks Redis cache first.
 4. On cache miss: App queries PostgreSQL by `short_code`.
 5. App checks expiry and deletion status.

diff --git a/docs/lld/c4-diagrams.md b/docs/lld/c4-diagrams.md
@@ -96,7 +96,7 @@ Components that only exist in v2 are explicitly annotated with **(v2)** or **(v2
 
 | Tier | Colour | Containers |
 |------|--------|------------|
-| **Public Internet** | Grey | User, DNS Route53 (`tinyurl.buffden.com`) |
+| **Public Internet** | Grey | User, DNS Cloudflare (`tinyurl.buffden.com`) |
 | **CDN / Edge Layer** | Purple | CloudFront CDN |
 | **Frontend Origin** | Green | S3 Angular SPA static assets / UI |
 | **Entry Layer** | Green | Nginx (TLS termination + reverse proxy) |
@@ -111,7 +111,7 @@ Components that only exist in v2 are explicitly annotated with **(v2)** or **(v2
 
 | From → To | Label |
 |-----------|-------|
-| User → DNS Route53 | `Resolve DNS` |
+| User → DNS Cloudflare | `Resolve DNS` |
 | User → CloudFront CDN | `HTTPS requests` |
 | CloudFront CDN → Nginx | `/api/*` |
 | Nginx → URL Shortener App | Write |
@@ -123,7 +123,7 @@ Components that only exist in v2 are explicitly annotated with **(v2)** or **(v2
 
 | From → To | Label |
 |-----------|-------|
-| User → DNS Route53 | `Resolve DNS` |
+| User → DNS Cloudflare | `Resolve DNS` |
 | User → CloudFront CDN | `HTTPS requests` |
 | CloudFront CDN → Nginx | `/{short_code}` |
 | Nginx → URL Shortener App | Read |
@@ -138,7 +138,7 @@ Components that only exist in v2 are explicitly annotated with **(v2)** or **(v2
 
 | From → To | Label |
 |-----------|-------|
-| User → DNS Route53 | `Resolve DNS` |
+| User → DNS Cloudflare | `Resolve DNS` |
 | User → CloudFront CDN | `HTTPS requests` |
 | CloudFront CDN → S3 Angular SPA | `/*` |
 

diff --git a/docs/lld/c4-level2-container.excalidraw b/docs/lld/c4-level2-container.excalidraw
@@ -4768,14 +4768,14 @@
       "updated": 1774395810450,
       "link": null,
       "locked": false,
-      "text": "DNS Route53\ngo.buffden.com → ALB\ntinyurl.buffden.com → CloudFront",
+      "text": "DNS Cloudflare\ngo.buffden.com → ALB\ntinyurl.buffden.com → CloudFront",
       "fontSize": 9.407443073499568,
       "fontFamily": 5,
       "textAlign": "center",
       "verticalAlign": "top",
       "baseline": 11,
       "containerId": null,
-      "originalText": "DNS Route53\ngo.buffden.com → ALB\ntinyurl.buffden.com → CloudFront",
+      "originalText": "DNS Cloudflare\ngo.buffden.com → ALB\ntinyurl.buffden.com → CloudFront",
       "autoResize": true,
       "lineHeight": 1.2727272727272727
     }