Hmm, I think it’s just our group. We have a Production support team that holds the keys, and there are only 3 of them that can access my app.
For example, if I want to change an environment variable, I can’t just log into the cloud console or run a CLI command. God no. That would be too easy. I have to write a script for this team to run. This script is entered into an authorization app where a few parties “sign off”, at which point the prod support team can log in to the authorization app and click Deploy. This app then runs my deployment script against our app container to update the env variable.
Accessing and doing DB work follows a similar process.
Yep, this is how strict change control needs to work - if it can be streamlined, all well and good, but not by removing the checks and balances that can help prevent operational issues (not just fraud issues).