In some projects, I currently use Forge to provision servers (usually on AWS) and Envoyer to deploy when triggered by a GitHub action.
After Forge provisions the server, I also lock down inbound traffic over SSH (port 22) to only come from trusted sources.
But, as happened recently, Forge and Envoyer changed the IPs they use to communicate, so I need to update the rules.
Today's tip is to have one security group specifically for Forge and Envoyer, and define all the IPs allowed to SSH in that single group. Then, even if you have multiple security groups attached to different servers, you can always include that central Forge/Envoyer security group.
With that small tweak to organization, you can update the IPs in one place and have them apply to all servers.
This tip is AWS-focused, but similar organizational structures exist for other cloud providers as well.
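One way to keep that central group in sync when the published IP list changes, as an added example that is not part of the original tip: it compares the group's current port 22 rules with the desired list and authorizes new addresses before revoking old ones. The function names, the sample rules and the addresses (documentation ranges) are constructed for illustration, and it assumes IPv4 rules and a boto3 EC2 client passed in by the caller.

```python
import ipaddress

SSH_PORT = 22

# Constructed sample in the IpPermissions shape that EC2 DescribeSecurityGroups
# returns; addresses are from documentation ranges, not real Forge/Envoyer IPs.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "192.0.2.10/32"}, {"CidrIp": "192.0.2.11/32"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]


def current_ssh_cidrs(ip_permissions):
    """Return the IPv4 CIDRs currently allowed on TCP/22 only."""
    cidrs = set()
    for perm in ip_permissions:
        if (perm.get("IpProtocol") == "tcp"
                and perm.get("FromPort") == SSH_PORT == perm.get("ToPort")):
            cidrs.update(r["CidrIp"] for r in perm.get("IpRanges", []))
    return cidrs


def plan_ssh_rules(ip_permissions, desired_ips):
    """Compare the group with the published IP list: (to_add, to_remove)."""
    desired = set()
    for ip in desired_ips:
        net = ipaddress.ip_network(ip.strip(), strict=False)
        # Assumption: IPv4 only, and never open SSH to the whole internet.
        if net.version != 4 or net.prefixlen == 0:
            raise ValueError(f"refusing to allow {ip!r} on SSH")
        desired.add(str(net))
    current = current_ssh_cidrs(ip_permissions)
    return sorted(desired - current), sorted(current - desired)


def apply_plan(ec2, group_id, to_add, to_remove):
    """Apply the plan with a boto3 EC2 client; add first so access never drops."""
    def perms(cidrs):
        return [{"IpProtocol": "tcp", "FromPort": SSH_PORT, "ToPort": SSH_PORT,
                 "IpRanges": [{"CidrIp": c} for c in cidrs]}]
    if to_add:
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=perms(to_add))
    if to_remove:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=perms(to_remove))


if __name__ == "__main__":
    add, remove = plan_ssh_rules(SAMPLE_PERMISSIONS, ["192.0.2.11", "198.51.100.7"])
    print("authorize:", add, "revoke:", remove)
```

Because every server attaches the same group, running this once against that group's ID updates SSH access everywhere.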
Here to help,
Joel
P.S. Since this tip is security-adjacent, it's a good time to remind you of a free security-focused book you can use with your Laravel app.