Allowing access to databases connected to Redwood Apps

In this case, whitelisting IP addresses of Netlify does not improve security. Attackers can just start a service on Netlify to masquerade as the IP addresses. For security-sensitive applications, I think there are 2 options:

  1. Deploy RedwoodJS on EC2. RedwoodJS can run on my local machine. I’m sure it can run on an EC2 server. We can create a tool to deploy RedwoodJS on EC2.
  2. Ask the Netlify team to provide an EC2-compatible image in AWS Marketplace. You can point the deployment endpoint to the EC2 server instead of netlify.com.

In both cases, you whitelist the EC2 security group to RDS.

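The post's closing point, allowing the EC2 security group into RDS instead of a list of IP addresses, can be checked from the database side. The following is an added example, not part of the original post: it reads JSON in the shape returned by `aws ec2 describe-security-groups` and reports every rule that reaches the database port by address range or from a security group other than the app's. The group IDs, the address range and port 5432 (PostgreSQL) are constructed sample values.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output for
# the group attached to the RDS instance. IDs and addresses are made up.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-0db0000000000000a", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [],
   "UserIdGroupPairs": []},
  {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
   "IpRanges": [], "Ipv6Ranges": [],
   "UserIdGroupPairs": [{"GroupId": "sg-0ec2000000000000a"}]}
]}]}
""")


def covers_port(perm, port):
    """True if the rule admits TCP traffic to `port` ("-1" means all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_db_ingress(doc, db_port, app_sg_ids):
    """Return (db_group, kind, source) for every rule that reaches db_port by
    address range, or from a security group not listed in app_sg_ids."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, db_port):
                continue
            for rng in perm.get("IpRanges", []):
                findings.append((sg["GroupId"], "cidr", rng["CidrIp"]))
            for rng in perm.get("Ipv6Ranges", []):
                findings.append((sg["GroupId"], "cidr", rng["CidrIpv6"]))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in app_sg_ids:
                    findings.append((sg["GroupId"], "other-sg", pair["GroupId"]))
    return findings


if __name__ == "__main__":
    # Assumed port: 5432 (PostgreSQL); the post does not name the engine.
    for finding in audit_db_ingress(SAMPLE, 5432, {"sg-0ec2000000000000a"}):
        print(finding)
```

An empty result means the database port is reachable only from the listed app security groups.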