One day, pretty early in the morning, I got a message with a screenshot from the CTO saying:

Any thoughts on how we keep these cleaned up?

A few months earlier, we were discussing the need to deploy feature branch environments as a solution to avoid our delivery process getting stuck, as we were deploying more than the QA team could handle. We created a feature branch deployment pipeline, and it was working great, as every important feature was tested in isolation from the QA environment (no merges until approved by QA). Essentially, we stopped having complaints about our queue to production getting stuck due to defective code or incomplete acceptance criteria.

Prior to working at this company, I earned four AWS certifications and participated in several projects that required AWS knowledge, but nothing compared to what I achieved during my time here.

You might be wondering how I ended up collaborating on architecture and infrastructure, given that I was originally hired as a backend engineer. The truth is, I was extremely lucky. There were managerial changes within the company, and a few months after I started, a new CTO joined the team. We were also a pretty small team and always needed an extra pair of hands.

Late in 2023, AWS informed us that our Aurora servers needed to be migrated due to the deprecation of MySQL Community major version 5.7, recommending a migration to major version 8.0.

[!cite] AWS Announcement

[!note] Check how companies are unaware of these costs and how this could be impacting your billing: AWS Billing spike due to RDS Extended Support

That day during our stand-up meeting, the Scrum Master and the CTO assigned me the task of evaluating the impact of this notification. I immediately raised my concern about the costs the company would incur if we didn’t meet the deadline. Initially, it didn’t seem like much - $0.1 per VCPU -, so I decided to invest that day in compiling all the numbers to ensure everyone understood the impact of this notification.

The least privilege is a term coined in IT Security that stablishs a user or an entity should only have access to specific resources or data to complete with their tasks. This means instead of creating several super users or only one super user and sharing the credentials, we should be focus en creating granular access for every user or application.

[!note] The Principle of Least Privilege is consider a fundamental best practice.

The docker network is isolated from the outside by default, when we want to connect from outside to a docker container we use/create a port mapping and this get exposed through localhost, 127.0.0.1 or your IP address.

[!note] 127.0.0.1 is a loopback address that the system uses to communicate to itself, there is a DNS auto resolved name called localhost that points to 127.0.0.1.

In this example we are going to configure a Web Server and a MySQL database.