Hey all! I've set up three separate VPCs for development, staging, and production, with EKS clusters running in each of them. We use Redash in our organization to connect to various databases, but my director wants me to have the Redash instance in the production EKS cluster communicate with all the databases across development, staging, and production. I can create VPC peering between production and development, but it doesn't feel right to me. I suggested using separate Redash instances for each environment, but my director insists that this approach would simplify things. After testing it out, I found it works, but I can't shake the feeling that it compromises security. Am I being overly cautious here, or should I consider setting up separate Redash services?
3 Answers
Combining resources from dev and prod sounds risky, especially if you're considering compliance regulations like GDPR. It can also complicate your infrastructure as code setup. We decided to go with separate Redash instances to keep everything cleaner and more maintainable.
Honestly, I think keeping your environments separate is the best approach. If you must connect them, look into using AWS PrivateLink and endpoint services. This could give you more control over accessibility while maintaining those boundaries. Plus, it's compatible across regions and accounts!
We've been doing something similar and opted for a shared services account instead of VPC peering. PrivateLink works well for us, providing access without directly linking the VPCs. It might be worth exploring this route for better security!
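The PrivateLink approach suggested in the answers, as an added Terraform example (not code from any of the posters): the dev VPC publishes only its database port through an endpoint service, and the production VPC reaches it through a single interface endpoint instead of a peering route. It assumes one account and region; all `var.*` inputs, resource labels and the port are placeholders.

```hcl
# Added illustration: var.* inputs are hypothetical and declared elsewhere.

# --- Provider side: dev VPC publishes only the database port ---
resource "aws_lb" "dev_db" {
  internal           = true
  load_balancer_type = "network"
  subnets            = var.dev_private_subnet_ids
}
resource "aws_lb_target_group" "dev_db" {
  port        = var.db_port # e.g. 5432 for PostgreSQL (assumption)
  protocol    = "TCP"
  target_type = "ip"
  vpc_id      = var.dev_vpc_id
}
resource "aws_lb_target_group_attachment" "dev_db" {
  target_group_arn = aws_lb_target_group.dev_db.arn
  target_id        = var.dev_db_private_ip # re-check after a DB failover
}
resource "aws_lb_listener" "dev_db" {
  load_balancer_arn = aws_lb.dev_db.arn
  port              = var.db_port
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.dev_db.arn
  }
}
resource "aws_vpc_endpoint_service" "dev_db" {
  acceptance_required        = true # dev side approves each connection
  network_load_balancer_arns = [aws_lb.dev_db.arn]
  allowed_principals         = [var.prod_principal_arn]
}

# --- Consumer side: prod VPC gets one endpoint and no route into dev ---
resource "aws_security_group" "dev_db_endpoint" {
  vpc_id = var.prod_vpc_id
  ingress {
    from_port       = var.db_port
    to_port         = var.db_port
    protocol        = "tcp"
    security_groups = [var.redash_sg_id] # only the Redash pods/nodes
  }
}
resource "aws_vpc_endpoint" "dev_db" {
  vpc_id             = var.prod_vpc_id
  service_name       = aws_vpc_endpoint_service.dev_db.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.prod_private_subnet_ids
  security_group_ids = [aws_security_group.dev_db_endpoint.id]
}
```

Redash then uses the endpoint's DNS name as the data source host, and the dev database's security group only needs to admit the load balancer's subnets on the database port.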
