Where are you hosting your company's vibe coded stuff that they only use inside?
Posted by jdlnewborn@reddit | sysadmin | 12 comments
Good day all,
A new pain in my side these days is departments making vibe coded stuff. These are generally tools they are making with PHP and MySQL databases.
These don't have PII in them at all, so there is really no risk, and the ask is that they would be only allowed to be accessed from our offices (locked down via IP).
Are people just getting a shared host DreamHost instance and throwing it up there? Or?
Separate_Pop6490@reddit
Azure container apps. Authentication is single sign on.
Int-Merc805@reddit
Here is our current approach. Vibe coded or not, it gets code review, and then implementation, costs, maintenance, who owns it etc. We work through that and then we roll it out. So far, nothing has passed the implementation, costs, maintenance portion of review. Turns out that the code has not really ever mattered and the true costs come from who owns it and what team dedicates their time to keeping it going.
AI code is just the recipe. It is no different than standing there with a binder full of recipes acting like you are a Michelin star restaurant.
Reaper7One@reddit
We are taking a similar approach. Implementation costs and ownership are always challenging.
esqew@reddit
Have you asked why departments are vibe coding their own stuff? Sounds like unmet IT needs like any shadow IT
MedicatedDeveloper@reddit
S3+WAF+CloudFront deployed via CD for static stuff, ECS Express+WAF via CD for anything with some kind of backend that is required and doesn't matter if it gets wiped. If the app data does matter it is deployed less haphazardly and goes through a whole review process but this hasn't happened yet.
LaDev@reddit
We do not.
cyr0nk0r@reddit
We host each customer's app + whatever else they want in a zero trust tenant that is containerized within our hypervisor. But we're an HVaaS company so it might be different than how an individual company does it.
sryan2k1@reddit
If it's only used inside it goes on internal webservers and SQL servers. What kind of vibe coded question is this?
ttkciar@reddit
Everything is in git repos hosted on an on-prem server, safely behind our firewall and accessible via company VPN, whether it is vibe-coded or not.
This is such an easy solution that it never occurred to me that anyone might be doing anything else. Are on-prem servers so unheard of these days that companies are putting even their private repos in remote hosting services?
h33b@reddit
CISA says yes
Soggy-Attempt@reddit
What would you have done if several teams had produced the code?
Fit-Top2103@reddit
If your company uses Azure you could host it in Azure App Service (something like Basic tier which costs like $50/mo) and lock it down so that it may only be accessed by internal IPs. Static website feature on Azure storage also works well too. With the static website feature then you can just grant these users least-privileged access via RBAC to just the $web container that they'll be uploading their HTML files/other code to. Plenty of different ways.
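The App Service IP lockdown and the `$web`-only RBAC grant described in the comment above, sketched with the Azure CLI as an added example that is not part of the thread. The resource names, IDs and CIDR ranges are constructed placeholders, and the script only prints the commands unless `APPLY=1` is set.

```shell
# Added example: every name and ID below is a constructed placeholder.
set -eu
RG="rg-internal-tools"                           # assumed resource group
APP="dept-tool-example"                          # assumed App Service name
SUB="00000000-0000-0000-0000-000000000000"       # placeholder subscription ID
STORAGE="stinternaltools"                        # assumed storage account
UPLOADERS="11111111-1111-1111-1111-111111111111" # placeholder Entra group object ID
OFFICE_CIDRS="203.0.113.0/24 198.51.100.16/28"   # documentation ranges, stand-ins for office egress

# Print each command; execute it only when APPLY=1, so a dry run is the default.
run() {
  printf '+ %s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Resource ID of the static-website container, used as the narrowest RBAC scope.
web_container_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s/blobServices/default/containers/$web' "$1" "$2" "$3"
}

# One Allow rule per office range. Once any rule exists, App Service denies
# all traffic that matches none of them.
restrict_app() {
  prio=100
  for cidr in $OFFICE_CIDRS; do
    run az webapp config access-restriction add \
      --resource-group "$RG" --name "$APP" --rule-name "office-$prio" \
      --action Allow --ip-address "$cidr" --priority "$prio"
    prio=$((prio + 10))
  done
  # The SCM (Kudu) deployment site has its own rule set; reuse the main site's.
  run az webapp config access-restriction set \
    --resource-group "$RG" --name "$APP" --use-same-restrictions-for-scm-site true
}

# Data-plane upload rights on $web only, not on the whole storage account.
grant_uploaders() {
  run az role assignment create \
    --assignee-object-id "$UPLOADERS" --assignee-principal-type Group \
    --role "Storage Blob Data Contributor" \
    --scope "$(web_container_scope "$SUB" "$RG" "$STORAGE")"
}

restrict_app
grant_uploaders
```

The role assignment only governs who can upload: the static website endpoint serves `$web` content to anonymous requests, so restricting who can read it needs a separate network control.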