April 18th, 2019
In Technology
If you enjoy this article, see the other most popular articles
When you accidentally put your database on a public subnet in AWS
(written by lawrence krubner, however indented passages are often quotes). You can contact lawrence at: lawrence@krubner.com, or follow me on Twitter.
This feels like a very easy mistake to make:
Here’s an example where you can get into trouble. Digging through some infra code, reviewing with a new devops hire, we were going through everything with a fine-toothed comb. We found that the RDS instance was being deployed in PUBLIC subnet, instead of private.
Alerted to the problem, we first checked to see whether it was accessible from the internet at large. It wasn’t, because we had not exposed a public-facing IP. That said, it wasn’t the most secure setup and I wanted to fix it.
I made some changes to the Terraform code, to update the subnet to private, and tried “$ terraform apply”. Then I got all sorts of errors. Try as I might, this update would not work.
Sadly the long term solution was to destroy the entire stack, and rebuild with RDS in the right place. Lesson learned.
Mind you, Sean Hull is one of the two best devops people I’ve ever worked with (the other being Chris Clarke). If he can make this mistake, then you can definitely make this mistake.
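A check that would catch the placement described above before it forces a rebuild, added here as an example and not taken from the quoted article: it flags RDS instances whose subnet group contains a subnet routed to an internet gateway, even when PubliclyAccessible is false. The input is constructed data shaped like boto3's describe_route_tables and describe_db_instances output, and every ID in it is made up.

```python
# Constructed data shaped like boto3 describe_route_tables / describe_db_instances output.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-pub-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
]
DB_INSTANCES = [
    {"DBInstanceIdentifier": "app-db", "PubliclyAccessible": False,
     "DBSubnetGroup": {"VpcId": "vpc-1", "Subnets": [
         {"SubnetIdentifier": "subnet-pub-a"}, {"SubnetIdentifier": "subnet-priv-a"}]}},
    {"DBInstanceIdentifier": "reports-db", "PubliclyAccessible": False,
     "DBSubnetGroup": {"VpcId": "vpc-1", "Subnets": [
         {"SubnetIdentifier": "subnet-priv-a"}, {"SubnetIdentifier": "subnet-priv-b"}]}},
]

def has_igw_default_route(table):
    """True if the table sends all IPv4 or IPv6 traffic to an internet gateway."""
    return any(
        (r.get("DestinationCidrBlock") == "0.0.0.0/0"
         or r.get("DestinationIpv6CidrBlock") == "::/0")
        and str(r.get("GatewayId", "")).startswith("igw-")
        for r in table.get("Routes", []))

def is_public_subnet(subnet_id, vpc_id, route_tables):
    """Judge a subnet by its explicit route table, else by the VPC's main table."""
    explicit = main = None
    for table in (t for t in route_tables if t["VpcId"] == vpc_id):
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                explicit = table
            elif assoc.get("Main"):
                main = table
    chosen = explicit or main
    return chosen is not None and has_igw_default_route(chosen)

def audit(db_instances, route_tables):
    findings = []  # one entry per DB instance with any public subnet in its group
    for db in db_instances:
        group = db["DBSubnetGroup"]
        public = [s["SubnetIdentifier"] for s in group["Subnets"]
                  if is_public_subnet(s["SubnetIdentifier"], group["VpcId"], route_tables)]
        if public:
            findings.append({"db": db["DBInstanceIdentifier"], "public_subnets": public,
                             "publicly_accessible": db["PubliclyAccessible"]})
    return findings

if __name__ == "__main__":
    print(audit(DB_INSTANCES, ROUTE_TABLES))
```

Subnets with no explicit route table association fall back to the VPC's main table, which is why reports-db passes here while app-db is flagged.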
Post external references
- 1: https://www.iheavy.com/2018/10/29/thinking-deeply-about-amazon-cloud-infrastructure-code/