Our tips for working with Codefresh
Description of the recommended workflow and division of responsibility to use when creating and deploying new Terraform code
Introduction to Cloud Posse Reference Architectures
Use very short TTLs on SOA records (E.g. 60 seconds or less) Delegate Zones to every organization or use dedicated zones per organization (e.g. cloudposse.com, cloudposse.net, cloudposse.org) Use ALIAS records to map zone apex record to ELBs
Security by Design Never Share Secrets Between Stages Rotate Secrets Frequently Automate Key Rotation Audit Trails Encrypted at Rest TLS Everywhere MFA Everywhere Password-based security is not sufficient. Too many passwords have been compromised over the years and aggregated as part of massive rainbow tables which make password cracking much more effective. Othertimes, users simply share passwords with eachother and forget to change them. The best wat to mitigate the usefulness of a credential (e.
Use Git Workflow Infrastructure as Code Infrastructure as Code is essential for managing change control and as a system of record for disaster recovery. Configuration is a form of Intellectual Property. Without the code, you don’t own the IP. Feature Branches Recommend using a consistent naming convention for branch names by all developers. Using a convention will help developers to navigate branches. Pull Requests Pull Requests should express ## what changed and ## why it changed (e.