Foundation
- Servers
- Public IPs
- Load Balancers
- Firewalls
- API Gateways
- DNS zones + records
- Service Principals / Non-personal Accounts
- Mail campaigns
- PagerDuty users, groups, alert rules, etc.
- A big et cetera
Slide 8
[Diagram labels: server-a, public IP, firewall, load balancer, server-b, dc-sft-a]
Slide 9
[Diagram labels: server-a, server-b, dc-sft-a]
Input:
- CPU
- RAM
- DISK
Output:
- Hostname
- LAN IP
Slide 10
[Diagram labels: server-a, load balancer, server-b, dc-sft-a]
Input:
- server-a LAN IP
- server-b LAN IP
Output:
- LAN IP
Slide 11
[Diagram labels: server-a, firewall, load balancer, server-b, dc-sft-a]
Input:
- load balancer LAN IP
- Inbound rules
- Outbound rules
Output:
- LAN IP
Slide 12
[Diagram labels: server-a, public IP, firewall, load balancer, server-b, dc-sft-a]
Input:
- firewall LAN IP
Output:
- public IP
Slide 15
Web application with PostgreSQL as the main database
Slide 16
[Diagram labels: frontend, backend]
Slide 17
[Diagram labels: admin, app, reader]
Slide 24
Considerations
- Security (traceability, blast radius limitation)
- Reusability/DRY
- Principle of least privilege is widely adopted in the industry
- Initial work is “more” than just hacking into the server