I'm working on a project that we will deploy to Google Cloud Platform. The services we want to use include cloud run, SQL, and cloud storage.
We will use several deployments for different phases of development; namely development, staging, and production.
I'm worried about security mostly regarding who can access what. Obviously, we want our developers to have some access to the development environment so that they may tweak things, create temporary databases, and perform other tasks that may be necessary to help in development. However, the production environment is naturally more protected and not everyone should have access to its settings.
One solution I thought of was creating a separate project for each environment. However, I believe this might not be the correct course of action. What is your suggestion for this? Basically what we would like is separate environments with their own firewall and access controls.
Thanks!
1 Answer 1
You could duplicate all your deployments for each stage, but passing differents variable at the beginning of the deployment of each that configure different access and level of securities, meaning different level of liberties.
But if you do that, that's mean you have to update each environment, each time you update one. So you must firstly write independent component that you can reuse with differents parameters (dev, staging, prod).
-
Thanks for your answer. I'm not sure exactly what you mean by passing variables at the beginning of deployments, how would that work?Cas– Cas01/19/2020 11:14:17Commented Jan 19, 2020 at 11:14
-
Consider that you have a main project and that you want three environment, dev, stage and production for this project. At the start of each environment deployment, you pass their respective variables which define the permissions and security strategy. Like that, you have only one project that you can duplicate with different variable environement (dev, staging, production)mik3fly-4steri5k– mik3fly-4steri5k01/19/2020 12:23:51Commented Jan 19, 2020 at 12:23