aws-ia / terraform-adobe-magento

Adobe Magento
Apache License 2.0

infrastructure limits and security implications #11

Open magenx opened 2 years ago

magenx commented 2 years ago

security: please do not use any:

  1. ssh connections
  2. ssh keys
  3. sudo ALL
  4. single system and php user
  5. undefined acl
  6. writeable folders
  7. executable awscli
  8. IMDSv1

infrastructure: please do not limit to nor use:

  1. only single region
  2. only 2 AZ in region
  3. bastion hosts
  4. parameters/ip sync

add more randomness to parameters and variables. many devs will use it for production and to deploy their own shops, adopting and replicating these issues.

also you create dual ALB with IGW to internal private network and with CloudFront, doesn't look like quick start reference infrastructure.
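Three items from the list above (ssh keys, ssh connections, IMDSv1) can be checked mechanically before apply. The following is an added example, not code from this repository or from the commenter: it assumes the plan has been exported with `terraform show -json`, and the resource names in the sample are constructed.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_instance.bastion", "type": "aws_instance",
   "change": {"after": {"key_name": "admin",
                        "metadata_options": [{"http_tokens": "optional"}]}}},
  {"address": "aws_launch_template.web", "type": "aws_launch_template",
   "change": {"after": {"key_name": null,
                        "metadata_options": [{"http_tokens": "required"}]}}},
  {"address": "aws_security_group.admin", "type": "aws_security_group",
   "change": {"after": {"ingress": [
     {"from_port": 22, "to_port": 22, "protocol": "tcp",
      "cidr_blocks": ["0.0.0.0/0"]},
     {"from_port": 443, "to_port": 443, "protocol": "tcp",
      "cidr_blocks": ["10.0.0.0/16"]}]}}},
  {"address": "aws_instance.gone", "type": "aws_instance",
   "change": {"after": null}}
]}
""")

COMPUTE = {"aws_instance", "aws_launch_template"}

def audit_plan(plan):
    """Return sorted (address, finding) pairs for ssh keys, ssh ingress, IMDSv1."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if not after:  # resource is being destroyed, nothing to check
            continue
        addr, rtype = rc["address"], rc["type"]
        if rtype in COMPUTE:
            if after.get("key_name"):
                findings.append((addr, "ssh key pair attached"))
            # Conservative: a missing or unknown block is reported too, since
            # only http_tokens = "required" guarantees IMDSv2-only access.
            opts = after.get("metadata_options") or [{}]
            if opts[0].get("http_tokens") != "required":
                findings.append((addr, "IMDSv1 allowed"))
        elif rtype == "aws_security_group":
            for rule in after.get("ingress") or []:
                lo, hi = rule.get("from_port") or 0, rule.get("to_port") or 0
                if rule.get("protocol") == "-1" or lo <= 22 <= hi:
                    src = ",".join(rule.get("cidr_blocks") or ["(non-CIDR)"])
                    findings.append((addr, "ssh ingress from " + src))
    return sorted(findings)

if __name__ == "__main__":
    for addr, finding in audit_plan(SAMPLE_PLAN):
        print(f"{addr}: {finding}")
```

Rules declared as separate resources (for example `aws_security_group_rule`) are not inspected by this sketch and would need their own branch.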

Shero-Inc commented 2 years ago

Hi @magenx

Many thanks for the feedback. We updated these items in develop, which has since been merged.

Please let us know how you find the setup.

magenx commented 2 years ago

you only removed some sudo config, but other elements are not fixed.

and it looks like you have magento setup running from user_data.