
failTide | 2 years ago

You'd still be exposing the database system itself to the public regardless of the credentials you were using for the email service, as opposed to keeping it all within a VPC, which seems to be what most guides recommend.

I assume the difference would be that having your database exposed presents additional surface area for attacks. A Rube Goldberg-style setup probably presents its own risks, but personally I just use AWS SES for my transactional/marketing emails and it's a one-way pipe that doesn't present any significant risks as far as I can see.


8organicbits|2 years ago

Using a public-facing database, but using an IP address allow-list to restrict access, is pretty secure. cc should publish the IP addresses they use.

kashnote|2 years ago

It’s listed on the Data page! No need to open the database up to the whole internet. Just whitelist one IP.