I don’t disagree with that, but there’s so many “wtf is this shit” moments that defy all logic and known practices.
like for example, six different branches of the same repo that deploy to two different environments in a phased rollout. branches 1-3 are prod, 4-6 are dev. phases go 3,1,2 for prod and 6,4,5 for dev. they are numbered as well.
also, the pipelines create a new bucket every build. so there’s over 700 S3 buckets with varying versions of the frontend…that then gets moved into…another S3 bucket with public access.
my personal favorite is the publicly accessible and non-access controlled lambdas with hard-coded lambda evocation URLs in them. lambda A has a public access evocation URL configured instead of using API Gateway. Lambda B has that evocation URL hard coded into the source that’s deployed.
there’s so much negligent work here I swear they did it on purpose.
I don’t disagree with that, but there’s so many “wtf is this shit” moments that defy all logic and known practices.
like for example, six different branches of the same repo that deploy to two different environments in a phased rollout. branches 1-3 are prod, 4-6 are dev. phases go 3,1,2 for prod and 6,4,5 for dev. they are numbered as well.
also, the pipelines create a new bucket every build. so there’s over 700 S3 buckets with varying versions of the frontend…that then gets moved into…another S3 bucket with public access.
my personal favorite is the publicly accessible and non-access controlled lambdas with hard-coded lambda evocation URLs in them. lambda A has a public access evocation URL configured instead of using API Gateway. Lambda B has that evocation URL hard coded into the source that’s deployed.
there’s so much negligent work here I swear they did it on purpose.