-Verify RDS only listens to requests from the backend and admin client by IP-locking it.
-Make the admin portal whitelist IPs so it only listens to our IPs for requests.
-Rate limit requests from the admin portal. The limit needs to be high enough that it's useful but low enough that someone trying to scrape it will fail.
-Ensure we cannot get into the database with Prisma Studio.
-We need to find a key management system so we can rekey at scale and quickly. This tutorial may help: https://dev.to/stack-labs/manage-your-secrets-in-git-with-sops-gitlab-ci-2jnd
-Verify the database backs up and that we can actually recover it.
-Verify the site will auto scale when needed.
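
One way to carry out the first item (RDS IP lock), as an added example that is not part of the original checklist: a Python audit over security group data in the shape returned by `aws ec2 describe-security-groups`, listing every ingress source on the database port that is outside the allowlist. The port (5432), the CIDRs, the group IDs and the sample data are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the checklist): PostgreSQL port and documentation-range CIDRs.
DB_PORT = 5432
ALLOWED_CIDRS = ["203.0.113.10/32", "198.51.100.0/28"]  # constructed: backend, admin client
ALLOWED_GROUPS = {"sg-backend-placeholder"}  # placeholder security group ID


def covers_port(perm, port):
    """True if an IpPermissions entry opens `port` (protocol "-1" means all traffic)."""
    if perm.get("IpProtocol") == "-1":
        return True
    return perm.get("IpProtocol") == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]


def audit_rds_ingress(security_groups, allowed_cidrs, allowed_groups, port=DB_PORT):
    """Return (group_id, source) for each ingress source not inside the allowlist."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue  # rule does not expose the database port
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                # A source passes only if it sits wholly inside an allowed network.
                ok = any(net.version == a.version and net.subnet_of(a) for a in allowed)
                if not ok:
                    findings.append((sg["GroupId"], cidr))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in allowed_groups:
                    findings.append((sg["GroupId"], pair["GroupId"]))
    return findings


# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = [{
    "GroupId": "sg-rds-placeholder",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-backend-placeholder"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}]
```

An empty result from `audit_rds_ingress(SAMPLE, ALLOWED_CIDRS, ALLOWED_GROUPS)` means the lock holds; here it reports the `0.0.0.0/0` rule on port 5432.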