I'm working on a clean AWS setup using FastAPI with App Runner for the application and Postgres on RDS for the database, both of which I'm deploying through the AWS CDK. The setup works perfectly fine in my local environment and deploys to App Runner without issues.
I've organized my infrastructure into two separate environments:
* `CoolStartupInfra-dev` for development with its own RDS and VPC
* `CoolStartupInfra-prod` for production also with its own RDS and VPC
I have two App Runner services:
* `coolstartup-api-core-dev`
* `coolstartup-api-core-prod`
However, I'm a bit confused when it comes to managing the VPC connector and how to maintain a clear separation between my environments long-term.
For instance, should App Runner directly import the VPC and Database details from my core stack, or should it pull everything from Parameter Store instead?
Do I need to create a VPC connector for each environment?
And what strategies do people use to ensure that development only interacts with the development database? I'd love to hear how others structure this kind of setup, as I feel like I might be missing some essential concepts regarding the isolation between App Runner and RDS.
2 Answers
For environments and isolation, using security groups is key if everything resides in a shared account. You can link your VPC connector to a security group and only allow that group access to the respective RDS security group. This setup will ensure that only your dev App Runner connects to the dev database.
It's also a good opportunity to leverage GenAI tools to simplify design patterns. They can generate examples tailored to multiple environments, ensuring your architecture follows best practices with proper separation.
There's no one-size-fits-all solution here. If your project is small or temporary, you can use a single stack with all resources included. But for a more flexible setup, consider creating an account-level construct for your VPC and subnets that stays constant, and build separate component stacks for things like RDS. That way, you keep things organized and easier to manage.
As for guaranteeing that development only connects to the dev database, you can use separate AWS accounts for strict separation, which is a good practice to avoid accidental data pollution. In production, everything should be infrastructure-as-code, ensuring your setup remains consistent and controlled.
