Environments
Configuration of the staging and production environments.
Environments
Staging
| Item | Value |
|---|---|
| Name | staging |
| Branch | dev |
| API URL | https://api-staging.seuapp.com |
| Frontend URL | https://staging.seuapp.com |
| Database | app-db-staging (db.t3.micro) |
| Deploy | Automatic after merge into dev |
| Purpose | Testing and QA |

Characteristics:
- Fake/anonymized data
- Can be reset
- Log retention: 30 days
- Backups: 7 days
- Multi-AZ: No
Production
| Item | Value |
|---|---|
| Name | production |
| Branch | main |
| API URL | https://api.seuapp.com |
| Frontend URL | https://seuapp.com |
| Database | app-db-production (db.t3.medium) |
| Deploy | Automatic after merge into main |
| Purpose | Live environment |

Characteristics:
- Real customer data
- NEVER reset
- Log retention: 90 days
- Backups: 30 days
- Multi-AZ: Yes
- Read replicas: 1
Per-Environment Configuration
SAM Parameters
```yaml
# template.yaml
Parameters:
  Environment:
    Type: String
    AllowedValues: [staging, production]

Conditions:
  IsProduction: !Equals [!Ref Environment, production]

Resources:
  Database:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: postgres
      EngineVersion: '14'
      # Conditional sizing
      DBInstanceClass: !If [IsProduction, db.t3.medium, db.t3.micro]
      AllocatedStorage: !If [IsProduction, 100, 20]
      MultiAZ: !If [IsProduction, true, false]
```
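
The same `IsProduction` condition can carry the other characteristics listed for each environment (backup retention, log retention, the production read replica). The fragment below is an added example, not part of the original template; `DeletionProtection`, `StorageEncrypted`, `PubliclyAccessible`, the use of a CloudWatch log group, the log group name and the replica instance class are assumptions.

```yaml
# Added example: extends the Database resource shown in template.yaml.
# Relies on the Environment parameter and IsProduction condition defined there.
Resources:
  Database:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: postgres
      EngineVersion: '14'
      DBInstanceClass: !If [IsProduction, db.t3.medium, db.t3.micro]
      AllocatedStorage: !If [IsProduction, 100, 20]
      MultiAZ: !If [IsProduction, true, false]
      # Backups: 30 days in production, 7 days in staging
      BackupRetentionPeriod: !If [IsProduction, 30, 7]
      # Assumption: block deletion of the production instance ("NEVER reset");
      # staging stays resettable
      DeletionProtection: !If [IsProduction, true, false]
      # Assumptions: encrypted at rest and not publicly reachable in both environments
      StorageEncrypted: true
      PubliclyAccessible: false
      # Credentials, subnet group and security groups omitted from this fragment

  # Read replicas: 1, created only in production
  DatabaseReadReplica:
    Type: AWS::RDS::DBInstance
    Condition: IsProduction
    Properties:
      SourceDBInstanceIdentifier: !Ref Database
      DBInstanceClass: db.t3.medium  # assumption: same class as the primary
      PubliclyAccessible: false

  # Log retention: 90 days in production, 30 days in staging
  AppLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub '/app/${Environment}'  # hypothetical name
      RetentionInDays: !If [IsProduction, 90, 30]
```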
Environment Variables
Staging:

```
ENVIRONMENT=staging
DEBUG=true
LOG_LEVEL=DEBUG
DATABASE_URL=${{ secrets.STAGING_DATABASE_URL }}
AWS_REGION=us-east-1
```

Production:

```
ENVIRONMENT=production
DEBUG=false
LOG_LEVEL=INFO
DATABASE_URL=${{ secrets.PROD_DATABASE_URL }}
AWS_REGION=us-east-1
```
Network Configuration
VPC
```yaml
VPC:
  Type: AWS::EC2::VPC
  Properties:
    CidrBlock: 10.0.0.0/16
    EnableDnsHostnames: true
    Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-vpc'

PrivateSubnet1:
  Type: AWS::EC2::Subnet
  Properties:
    VpcId: !Ref VPC
    CidrBlock: 10.0.1.0/24
    AvailabilityZone: !Select [0, !GetAZs '']

PrivateSubnet2:
  Type: AWS::EC2::Subnet
  Properties:
    VpcId: !Ref VPC
    CidrBlock: 10.0.2.0/24
    AvailabilityZone: !Select [1, !GetAZs '']
```
Security Groups
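```yaml
LambdaSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Security group for Lambda functions
    VpcId: !Ref VPC
    # Egress limited to PostgreSQL on the database security group
    SecurityGroupEgress:
      - IpProtocol: tcp
        FromPort: 5432
        ToPort: 5432
        DestinationSecurityGroupId: !Ref DatabaseSecurityGroup

DatabaseSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Security group for RDS
    VpcId: !Ref VPC

# Ingress is declared as a separate resource: two security groups that
# reference each other through inline rules form a circular dependency
# and the stack fails to create.
DatabaseIngressFromLambda:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    GroupId: !Ref DatabaseSecurityGroup
    IpProtocol: tcp
    FromPort: 5432
    ToPort: 5432
    SourceSecurityGroupId: !Ref LambdaSecurityGroup
```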
Resource Tagging
```yaml
Tags:
  - Key: Environment
    Value: !Ref Environment
  - Key: Project
    Value: PeopleTech
  - Key: ManagedBy
    Value: SAM
  - Key: CostCenter
    Value: Engineering
```
Outputs
```yaml
Outputs:
  ApiUrl:
    Description: API Gateway URL
    Value: !Sub 'https://${AppApi}.execute-api.${AWS::Region}.amazonaws.com/${Environment}/'
    Export:
      Name: !Sub '${AWS::StackName}-ApiUrl'
  QueueUrl:
    Description: SQS Queue URL
    Value: !Ref UserEventsQueue
    Export:
      Name: !Sub '${AWS::StackName}-QueueUrl'
```
Best Practices
- Separate stacks per environment
- Use parameters for configuration
- Export outputs for cross-stack references
- Tag all resources
- Use conditions for environment-specific resources