- 新しい順
- 投票が多い順
- コメントが多い順
If the developers are working on your application, they probably have access to the source code as they need to make changes to it. There is no way to prevent them from saving this to their local computer. While you can put restrictions on downloading files, developers can just copy/paste the code to their local editor.
You can restrict access to the database layer so that the developer does not have access to your production data.
Ultimately, you're entrusting your source code to the developers you hire, so be selective.
One option could be to not build a monolith application but to break it up into microservices. Let one developer build your front-end using a SPA framework like React.js. Let other developers build your backend logic as independent microservices that are invoked from your front-end using APIs.
You could then give each developer their own independent AWS accounts and then you take up the responsibility of putting it all together at the end into a single AWS account, after having tested out all the pieces independently. That way the developers will only see pieces of the puzzle and not the entire puzzle.
Thanks for your quick response. But at the moment, everything is done by one developer and the only option have been having is changing developers after doing some developments. My question is that, is there away to have the database hosted remotely and not under the same AWS account?
You should be able to connect to a database in one account from an application running in another account as long as there is a network path available. You can do VPC peering of two VPCs in different accounts (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/peer-with-vpc-in-another-account.html) or use Transit Gateway (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-getting-started.html)
Look at this article that talks about accessing RDS databases in different VPCs - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html
関連するコンテンツ
- 質問済み 5年前
Thanks for the response. But, if my whole website is hosted on AWS, is there away to limit access to my site database by developers and only allow them to access the software source code?
You need to come up with a plan with your CI/CD pipelines and access control to prevent the developer access to the production environment where only the production application can call the database directly. A common practice is to separate the production data/code into its own account and restrict access to that account. This does complicate the architecture and you need to be skilled with AWS to build this.