Angelo Mandato: Learn about the benefits with examples how to create and maintain DEV, QA, and UAT environments using unique domain names
0 likes35 views
The document discusses the creation of distinct development, QA, and UAT environments using unique top-level domains (TLDs) to avoid issues associated with traditional subdomains, such as session cookie collisions and security concerns. It outlines the benefits and costs related to implementing these unique domains, including simplified configurations and improved security. Additionally, it provides examples and recommendations for setting up these environments, as well as tips for local development using TLDs.
Angelo Mandato: Learn about the benefits with examples how to create and maintain DEV, QA, and UAT environments using unique domain names
- 1. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Washington DC | June 27, 2024
- 2. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Create DEV, QA, and UAT environments using unique domain names Angelo Mandato DEV206 (he/him) Founder / CTO Painless Analytics
- 3. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Unique domain names for lower environments 01 Problem 05 Example 02 Unique Top level domains to the rescue 06 Wrap up what we learned 03 Benefits 07 Bonus! – local development 04 Costs
- 4. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. What is a Domain Name? example.com - Domain Name (root hostname) com – Top-Level Domain (TLD) example – Second-level Domain https://en.wikipedia.org/wiki/Domain_name
- 5. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Problem
- 6. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Sub Domains for lower environments • beta.example.com - BETA • uat.example.com - UAT • 241-staging.example.com - STAGING • pr-334-dev.example.com - DEV • qa.example.com - QA • www.example.com - PRODUCTION This only works for a monolithic app!
- 7. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Production Sub Domains with environments • dashboard.example.com - PRODUCTION • uat-dashboard.example.com - UAT • dev-dashboard.example.com - DEV • pr-2324-dashboard.example.com - DEV PULL REQUEST • qa-dashboard.example.com - QA What's wrong with this?
- 8. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Sub Domains introduce problems THERE IS A BETTER WAY! • Session cookies that use the root hostname • Environments sharing root hostname • Hard to manage root hostname in multiple Accounts* • CORS rules are complicated • Security concerns • WHAT IF PROD FORMS SUBMIT TO THE QA ENVIRONMENT???
- 9. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Unique Top Level Domains (TLD) to the rescue
- 10. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Unique top-level domain for PRODUCTION • www.example.com • account.example.com • api.example.com • mail.example.com anything.example.com is PRODUCTION
- 11. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Unique top-level domain name for DEV • www.example.dev • account.example.dev • api.example.dev • mail.example.dev anything.example.dev is DEV
- 12. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Select TLD's for each environment Root hostname for each environment: • example.com - PRODUCTION • example.dev - DEV • example.biz - UAT • example.net - QA • example.be - BETA If internal VPN, you can make up your own TLD .extension!
- 13. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Benefits
- 14. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Benefits of using domain names with unique TLD's IaC Privacy Rights Security Development CloudFormation / CDK environments configured by root hostname DEV and QA environments less strict than UAT/PROD Easy to maintain lower environment data separate from production Development never found on production hostnames
- 15. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. You are a Super Hero!
- 16. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Costs
- 17. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Costs for TLD's .us - $15/year .cc - $12/year .net - $15/year .org - $14/year .biz - $19/year .ca - $13/year .bet - $24/year .io - $71/year .link - $5/year .be - $9/year .de - $9/year Route 53 TLD Registration Pricing
- 18. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Internal VPC's? .whatever FREE!!!
- 19. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. You are a Super Hero!
- 20. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Example
- 21. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Example: Laravel / WordPress Site www.painlessanalytics.com - PROD www.painlessanalytics.dev - DEV www.painlessanalytics.be - BETA
- 22. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Example: ReactJS Dashboard dashboard.painlessanalytics.com - PROD dashboard.painlessanalytics.dev - DEV dashboard.painlessanalytics.be - BETA
- 23. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Example: Root Hostname SSL Cert Create SSL Certificate (environment specific) Go to Certificate Manager (ACM) Create CNAME name records to validate certificate
- 24. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Example: Setup Parameter Store Set SSL Cert arn Parameter in Systems Manager Parameter Store
- 25. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Example: Setup Parameter Store Set root Hostname Parameter in Systems Manager Parameter Store
- 26. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Example: CloudFormation using root hostname Get Parameter from Parameter Store Use parameter to Get the SSL cert arn and set the alias hostname
- 27. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Root hostname CloudFormation Advantages Account / Lower Environment uses a unique root hostname Hostname prefixes remain consistent Parameter Store utilization minimized Wildcard SSL certs Account specific prefix.example.com
- 28. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Benefits Simple to understand, document, and standardize Reproducible AWS CloudFormation templates Accessible Publicly (if not in a private VPN) Private Network – make up your own TLD's! SES can remain in "sandbox" for lower environments
- 29. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Configuration Settings Systems Manager Parameter Store CI/CD pipelines .env & config files
- 30. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hide lower environments from public? CloudFront Function VPN private network is ideal but in some cases not possible Block access, allow if a cookie or header matches a condition
- 31. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. CloudFront Function: Open Sesame https://myapp.example.dev/api/version https://myapp.example.dev/webhook/stripe
- 32. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. CloudFront Function: Open Sesame https://myapp.example.dev/?open=sesame
- 33. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. CloudFront Function: Open Sesame https://myapp.example.dev/?close=sesame
- 34. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. CloudFront Function: Open Sesame
- 35. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Wrap up what we learned
- 36. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Unique Domains for lower environments
- 37. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Unique Domains for lower environments • No more confusing sub domains e.g. psycho-db-devbeta.example.com • No more session / cookie collisions with prod and lower environments • Secure lower environments with private networks • Prevent access to lower environments with CloudFront functions • SES Sandbox mode is a feature for non-prod environments • IaC / CloudFormation attributes use consistent prefixes • Switching from one environment to the other is as easy as replacing ".com" with ".dev" and hitting ENTER.
- 38. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Bonus! – local development
- 39. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Use a TLD for local development! With your favorite editor open your local hosts file MacOS: /private/etc/hosts Linux: /etc/hosts Windows: C:WindowsSystem32driversetchosts (run editor as administrator) Tip: Check out Windows PowerToys' Hosts File Editor
- 40. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. 411 on hosts file Find your inner self, 127.0.0.1 of course!
- 41. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Use a real TLD for local development Use case: • Oauth2 (services like Google will not use .local hostnames)
- 42. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Build beyond skillbuilder.aws Redeem your free 7-day trial of AWS Skill Builder
- 43. © 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you! Please complete the session survey in the mobile app Angelo Mandato angelo@mandato.com linkedin.com/in/angelomandato Founder / CTO Painless Analytics Link to slides, code, and video of this session