I'm looking to understand how other organizations are exposing their development or lower-level environments to the public internet for comprehensive testing. My aim is to make the staging environment as similar to production as possible since production is a public application. However, I've run into issues where making staging public seems necessary to achieve this. While I can whitelist IPs, it gets complicated with security solutions like SASE providers such as Cato and Zscaler that require routing through another cloud service. So, when I whitelist an IP, I end up whitelisting the SASE provider's IPs. How do others handle this situation?
4 Answers
Unless there’s a specific reason, exposing staging URLs isn’t really a problem. Why do you feel the need to restrict access to your staging environment?
How do you protect your internal infrastructure, like intranet pages? Typically, companies handle internal resources in a similar way to staging environments. If you’re using a VPN setup, it usually means you only need to allowlist one IP range.
In my experience, we often just deploy the same setup to a separate AWS account. We prefix the URLs with something to indicate it's a staging environment, but otherwise, it's pretty much a duplicate of production, just with different data and entry points.
We've used AWS Client VPN to expose our Dev/Test and Staging environments. For load testing, we relied on K6 which allowed us to use a fixed set of IP addresses for our requests.
