You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The volumes for the app and the database containers have used the same EFS drive with two different endpoints. Now that DataSync is in place, the S3 bucket and the EFS drive are more tightly linked, and this introduces a potential vulnerability. The user needs to create the db-mysql-data folder in the S3 bucket in order for the database to mount it as a volume, and if this folder is deleted or changed in S3, it could potentially wipe out the database. (This could be seen as a feature, allowing the user to easily truncate the database if its size grows too large.) If this is a problem, we could provision a second, separate EFS drive just for the database, and not attach DataSync to it, ensuring that the user would not stumble into data loss.
The text was updated successfully, but these errors were encountered:
The volumes for the app and the database containers have used the same EFS drive with two different endpoints. Now that DataSync is in place, the S3 bucket and the EFS drive are more tightly linked, and this introduces a potential vulnerability. The user needs to create the db-mysql-data folder in the S3 bucket in order for the database to mount it as a volume, and if this folder is deleted or changed in S3, it could potentially wipe out the database. (This could be seen as a feature, allowing the user to easily truncate the database if its size grows too large.) If this is a problem, we could provision a second, separate EFS drive just for the database, and not attach DataSync to it, ensuring that the user would not stumble into data loss.
The text was updated successfully, but these errors were encountered: