Best Practices

Code Review Guidelines

Here are some of our tips for conducting Code Reviews the SweetOps way. If you haven’t already, become familiar with our Development Best Practices and Terraform Best Practices.

- Use the “Suggest” feature as much as possible. This makes it quick and easy for the contributor to accept or dismiss the recommendations.
- Use proper markdown in suggestions (e.g. code blocks).
- Always be polite and appreciative of the contributions!
- Use emoticons to up-vote other comments (rather than +1 comments).
- Use ChatOps commands like /rebuild-readme or /terraform-fmt to fix common problems.
- Use ChatOps commands like /test all, /test bats, /test readme, /test terratest to run integration tests.
- Recommend changes to better conform to our best-practices.

Development Best Practices

Use GitHub Workflow

Infrastructure as Code

Infrastructure as Code is essential for managing change control and as a system of record for disaster recovery. Configuration is a form of Intellectual Property. Without the code, you don’t own the IP.

Feature Branches

Recommend using a consistent naming convention for branch names by all developers. Using a convention will help developers to navigate branches.

Pull Requests

Pull Requests should express ## what changed and ## why it changed (e.

Route 53 Best Practices

- Use very short TTLs on SOA records (e.g. 60 seconds or less)
- Delegate Zones to every organization or use dedicated zones per organization (e.g. cloudposse.com, cloudposse.net, cloudposse.org)
- Use ALIAS records to map zone apex record to ELBs

Secrets Management Best Practices

- Security by Design
- Never Share Secrets Between Stages
- Rotate Secrets Frequently
- Automate Key Rotation
- Audit Trails
- Encrypted at Rest
- TLS Everywhere
- MFA Everywhere

Password-based security is not sufficient. Too many passwords have been compromised over the years and aggregated as part of massive rainbow tables, which make password cracking much more effective. Other times, users simply share passwords with each other and forget to change them. The best way to mitigate the usefulness of a credential (e.