By using AWS re:Post, you agree to the Terms of Use

IF MY WEBSITE APP IS HOSTED ON AWS, HOW DO I PREVENT HIRED DEVELOPERS FROM DOWNLOADING MY WEBSITE SOURCE CODE?

0

Hello, I would like to host my new website app at AWS, but my question is that, is there a permission or a way at AWS to prevent developers am to hire to modify the site from downloading my website source code? Because it will be painful to hire a developer to modify my website and same time the developer steal my website source code too

Your response will be highly appreciated

Thank you Ronnie

2 Answers
2

If the developers are working on your application, they probably have access to the source code as they need to make changes to it. There is no way to prevent them from saving this to their local computer. While you can put restrictions on downloading files, developers can just copy/paste the code to their local editor.

You can restrict access to the database layer so that the developer does not have access to your production data.

Ultimately, you're entrusting your source code to the developers you hire, so be selective.

profile picture
MODERATOR
answered a month ago
  • Thanks for the response. But, if my whole website is hosted on AWS, is there away to limit access to my site database by developers and only allow them to access the software source code?

  • You need to come up with a plan with your CI/CD pipelines and access control to prevent the developer access to the production environment where only the production application can call the database directly. A common practice is to separate the production data/code into its own account and restrict access to that account. This does complicate the architecture and you need to be skilled with AWS to build this.

1

One option could be to not build a monolith application but to break it up into microservices. Let one developer build your front-end using a SPA framework like React.js. Let other developers build your backend logic as independent microservices that are invoked from your front-end using APIs.

You could then give each developer their own independent AWS accounts and then you take up the responsibility of putting it all together at the end into a single AWS account, after having tested out all the pieces independently. That way the developers will only see pieces of the puzzle and not the entire puzzle.

profile picture
EXPERT
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions