Hello,
So let's break down your questions. In general, I understood you have just one Application and one Database server, meaning test and prod run on the same hosts. As a general rule, it is highly not recommended to mix workloads, especially non-production with production. Ideally production should have dedicated servers.
Another question is: why is the database on EC2? I would recommend migrating the DBs to RDS to get a stable platform managed service where you can easily automate backups and have ways to do a point-in-time restore of your data.
Back to your questions:
Due to low space on both Production servers (Application & Database) I'm able to perform a restore from prod to staging env., resulting in up-to-date data not being available in staging env. and the team is not able to replicate the issues highlighted in the Production Environment.
The simplest approach is to increase your EBS volumes, ideally creating separate volumes for test and prod data so that, in case you split into 2 instances, you can easily detach and attach the volumes in your new environment. Other options are to send the data to S3 (which might require changes in your code) or to use EFS as an extended volume.
Test Application and Production Application Server are on the same EC2 instance. Similarly, Test DB Server and Production DB Server are on the same EC2 instance. It is a risk if anything goes wrong on the Test machine then it will impact on Live Production environment.
As mentioned, this is a high risk and not best practice. Split into different servers. If possible, migrate the DBs to RDS; you can use a smaller instance for non-prod and a larger one for prod, depending on your workload performance footprint.
Security settings need to be optimized at AWS infra level, as we only have a basic support plan, in case of any security or failure concerns to the AWS infra, no support from Amazon AWS will be provided.
I do not see AWS Support playing a key role here, especially if the controls affected by a security breach are under your responsibility. See the AWS Shared Responsibility Model for an overview: https://aws.amazon.com/compliance/shared-responsibility-model/ Basically, in an EC2 environment you need to be careful with your security groups, exposing only the minimum required ports, and restricting by IP access to remote access ports like 22 SSH and 3389 RDP. Do not open the database to outside your VPC.
I hope these answers can help you. Thanks!
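The security group advice in the answer above can be checked mechanically. The following is an added example, not part of the original answer: it audits ingress rules in the shape returned by `aws ec2 describe-security-groups`, flagging SSH/RDP open to any address and database ports reachable from outside the VPC. The VPC range, the list of database ports, the group IDs and the sample rules are all constructed assumptions.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
# Assumption: common database listener ports; the page does not name the engine.
DB_PORTS = {3306: "MySQL", 5432: "PostgreSQL", 1433: "SQL Server", 1521: "Oracle"}
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # assumption: constructed VPC range

def covers(rule, port):
    """True if an ingress rule applies to TCP `port` ("-1" means all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def sources(rule):
    """Yield every IPv4/IPv6 CIDR source of a rule as an ip_network."""
    for r in rule.get("IpRanges", []):
        yield ipaddress.ip_network(r["CidrIp"])
    for r in rule.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(r["CidrIpv6"])

def audit(groups):
    """Return (group id, service, source CIDR, problem) for each risky rule."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            for src in sources(rule):
                in_vpc = src.version == VPC_CIDR.version and src.subnet_of(VPC_CIDR)
                for port, name in ADMIN_PORTS.items():
                    if covers(rule, port) and src.prefixlen == 0:
                        findings.append((group["GroupId"], name, str(src), "open to any address"))
                for port, name in DB_PORTS.items():
                    if covers(rule, port) and not in_vpc:
                        findings.append((group["GroupId"], name, str(src), "reachable from outside the VPC"))
    return findings

def tcp(port, cidr):
    """Build one constructed ingress rule in describe-security-groups shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample data, not taken from a real account.
SAMPLE = [
    {"GroupId": "sg-app-example", "IpPermissions": [
        tcp(22, "0.0.0.0/0"), tcp(3389, "203.0.113.10/32"), tcp(443, "0.0.0.0/0")]},
    {"GroupId": "sg-db-example", "IpPermissions": [
        tcp(3306, "10.0.1.0/24"), tcp(5432, "198.51.100.0/24")]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

Rules whose source is another security group (`UserIdGroupPairs`) are not evaluated here, since they do not expose a CIDR range.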