Environment structure

Ideally, there should be 3 separate environments (Production, Staging and Development), each for a different purpose:

  • Production: Final product goes here
  • Staging: UAT
  • Development: For dev team and QA

Depending on the project, Staging can be skipped; UAT then takes place on Development.

Environment infrastructure

AWS should be the best option for hosting environments, specifically AWS Elastic Beanstalk, which allows source code to be deployed programmatically with the provided command-line tool.

Each product / service should be associated with only one application on AWS Elastic Beanstalk, with the 3 environments described in the previous section.

If the infrastructure is provided or defined by the client, follow their deployment reference.

Source code repository hosting

Bitbucket and GitHub should be prioritized as they enable CI / CD in projects (Bitbucket Pipelines and GitHub Actions) with strong build machines.

AWS CodeCommit and GitLab could be good options in case Bitbucket and GitHub cannot be chosen.

Credentials to repositories will be provided by project managers or tech leads.

Repository structure

Mirroring the environment structure, there should be 3 separate branches, one for each environment:

  • master: For Production
  • staging: For Staging
  • dev: For Development

Deploying the right branch to the right environment MUST be 100% accurate. Otherwise, crashes are likely and will degrade the end users' experience.
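
One way to enforce this rule in a deploy script, as an added example rather than part of the original guideline: the guard below maps each branch to its single permitted Elastic Beanstalk environment and refuses anything else, including ticket branches. The `myapp-*` environment names and the `APP_PREFIX` and `HAS_STAGING` variables are hypothetical; `eb deploy` is the EB CLI command.

```shell
#!/bin/sh
# Added example: deploy guard for the branch -> environment rule.
# APP_PREFIX and the resulting environment names are hypothetical placeholders.
APP_PREFIX="${APP_PREFIX:-myapp}"
HAS_STAGING="${HAS_STAGING:-yes}"   # set to "no" when the project skips Staging

# Print the only environment a branch may be deployed to.
# Returns 1 for any other branch (e.g. ticket branches named by ID).
env_for_branch() {
    case "$1" in
        master)  echo "${APP_PREFIX}-production" ;;
        staging)
            [ "$HAS_STAGING" = "yes" ] || return 1
            echo "${APP_PREFIX}-staging" ;;
        dev)     echo "${APP_PREFIX}-development" ;;
        *)       return 1 ;;
    esac
}

# Succeed only when the requested target is the branch's own environment.
# Exit codes: 2 = branch is not deployable, 3 = branch/environment mismatch.
check_deploy() {
    branch="$1"; target="$2"
    expected="$(env_for_branch "$branch")" || {
        echo "refusing: branch '$branch' has no deployable environment" >&2
        return 2
    }
    if [ "$expected" != "$target" ]; then
        echo "refusing: '$branch' deploys to '$expected', not '$target'" >&2
        return 3
    fi
}

# Usage: ./deploy.sh --deploy <environment-name>
if [ "${1:-}" = "--deploy" ]; then
    branch="$(git rev-parse --abbrev-ref HEAD)" || exit 1
    check_deploy "$branch" "${2:-}" || exit $?
    # Deploy committed code only; stop if the working tree has local changes.
    [ -z "$(git status --porcelain)" ] || { echo "refusing: dirty tree" >&2; exit 4; }
    eb deploy "$2"
fi
```

Run from a CI step or a local checkout, the script deploys only when the checked-out branch and the named environment match.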

Project members

Ideally, each member in the dev team should be invited to the repository with their Offspring Digital email for security and audit purposes.

In some cases the client's budget cannot cover the cost of source code hosting. In those cases, the Offspring Digital main account will be used to commit changes.

Branch permissions

The history of master, staging and dev must not be rewritten. Force pushes to those branches are not allowed.

Only the team lead has permission to merge pull requests into the master and staging branches after code review.

Branching and merging strategy

Devs check out new branches from master to work on new tickets / issues. New branches can be named after the ID number of the ticket / issue.

After QA, devs create pull requests into master and staging. The team lead is responsible for merging pull requests.

Security

Turn on 2FA for all accounts.

Implement SSH access restrictions with an IP address whitelist (Offspring IP: 27.72.98.177).

Create an IAM user for each of the users instead of sharing the root account.

Store passwords in a 1Password account; don't store them in a Word doc or similar.

If passwords must be shared with external persons, use https://onetimesecret.com/; never send them directly in email / chat.