We have reached the deployment phase for our web app. Read through the topics below before we make the final changes to secure our project for deployment.
What is web app deployment?
Web app deployment is the process of configuring and uploading a project for live internet traffic. Although it may seem daunting, deploying a website has become easier thanks to web hosting tools and interfaces.
How do you deploy a web app?
Deploying a web app requires a web hosting server dedicated to serving your web app content to online users. Hosting companies include Linode, Heroku, and Amazon Web Services. Server costs can vary between hosting services, so we will use Amazon Web Services (AWS) since it offers a free tier and pay-as-you-go pricing.
What happens after you deploy?
After deploying, there are other important steps needed to secure your web app. Purchasing a domain name and an SSL (Secure Sockets Layer) certificate are both optional steps that help your website run securely.
In our settings.py file, we have a secret key responsible for creating the digital signatures needed for authentication, among other security-related tasks. To reduce the likelihood of exposing our secret key to an attacker, let's store it separately as an environment variable. We will use another Python package to handle this functionality.
Install python decouple
(Ctrl + C)
(env)User-Macbook:mysite user$ pip install python-decouple
Windows Command Prompt
(Ctrl + C)
(env) C:\Users\Owner\desktop\code\env\mysite> pip install python-decouple
Go back to the CLI, quit the server, and install python-decouple.
Create .env file
env > mysite > (New File) .env
Create a new file called .env in the first mysite folder. It will list the values we need to secure.
Secure configuration settings for website security
env > mysite > .env
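SECRET_KEY=YOUR-SECRET-KEY-HERE
DEBUG=True
First, copy your specific Django secret key from settings.py and paste it into .env in place of YOUR-SECRET-KEY-HERE. While not as important, we will also add the debug variable from settings.py. Keep each entry on its own line with no trailing comment, because python-decouple treats everything after the = as the value. Save the file.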
Update the settings.py file
env > mysite > mysite > settings.py
from django.contrib.messages import constants as messages
from decouple import config #new code
SECRET_KEY = config('SECRET_KEY')
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = config('DEBUG', cast=bool)
Go to settings.py and import config from decouple at the top of the file. Replace each value now listed in the .env file with a config call that reads the corresponding .env variable. Make sure both files are saved, then run the server again. Nothing will have changed in the browser, but the secret key and configuration settings are now secured and no longer listed directly in the settings.py file.
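A pre-deployment check for the .env file described above, as an added example that is not part of the original tutorial. The parser is a simplified stand-in for how python-decouple reads .env lines; the function names, the boolean spellings and the .gitignore patterns are assumptions of this example.

```python
import re

TRUE_VALUES = {"1", "true", "yes", "on"}    # spellings this check treats as "on"
FALSE_VALUES = {"0", "false", "no", "off"}  # spellings this check treats as "off"


def parse_env(text):
    """Split each KEY=VALUE line on the first '=' and strip one pair of quotes.
    Inline comments are not removed, so a trailing '# note' stays in the value."""
    data = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        data[key] = value
    return data


def audit_env(env_text, gitignore_text=""):
    """Return a list of findings for a .env file before deployment."""
    env, findings = parse_env(env_text), []
    key = env.get("SECRET_KEY", "")
    if not key:
        findings.append("SECRET_KEY is missing or empty")
    # "django-insecure-" is the prefix Django puts on keys generated by startproject.
    elif key.startswith(("YOUR-SECRET-KEY-HERE", "django-insecure-")):
        findings.append("SECRET_KEY is a placeholder or development key")
    for name, value in env.items():
        if re.search(r"\s#", value):
            findings.append(f"{name} has a trailing comment inside its value")
    debug = env.get("DEBUG", "").lower()
    if debug in TRUE_VALUES:
        findings.append("DEBUG is on; turn it off for production")
    elif debug not in FALSE_VALUES:
        findings.append("DEBUG is missing or not a recognised boolean")
    ignored = {ln.strip() for ln in gitignore_text.splitlines()}
    if not ignored & {".env", "/.env", "*.env", ".env*"}:
        findings.append(".env is not listed in .gitignore")
    return findings


# Constructed sample: an entry with a trailing comment plus a DEBUG entry.
SAMPLE_ENV = "SECRET_KEY =YOUR-SECRET-KEY-HERE #your specific django secret key\nDEBUG=True\n"

if __name__ == "__main__":
    for finding in audit_env(SAMPLE_ENV, gitignore_text="env/\n"):
        print("-", finding)
```

Run it against your own .env and .gitignore contents before uploading the project; an empty list means none of these four checks fired.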
Create an AWS account
First, create an AWS free account at https://aws.amazon.com/free/. AWS offers a 12-month free tier for all of the tools you'll need to deploy your web app. You may need to enter your billing and credit card information to create an account but you will not be charged unless you go over the free tier threshold.
If you already have an AWS account, log in.
Go to the AWS Management Console
Once logged in, you will be brought to the AWS Management Console.
Create a set of access keys
To connect your project to AWS, we need to create a set of AWS keys. Like a username and password, access keys come with an access key ID and a secret access key that only you should know. AWS gives you only one opportunity to view and save the access keys together to maintain security. If you lose the secret access key, create a new key pair and delete the old one.
Click on your username at the top right side of the page. In the dropdown menu, select "My Security Credentials". Find the section that says "Access keys for CLI, SDK, & API access". Click the button "Create access key". You will be brought to a "Create access key" menu that states "Your new access key is now available". Two keys are listed below. The first is the Access key ID and the second is the Secret access key. Click the button "Download .csv file" and save the access keys in a safe location on your computer. You can only view the secret key once on the AWS menu so make sure you download the .csv before closing the menu.
1. What is the purpose of AWS access keys?
"C" is correct. AWS access keys are used to connect a project to an AWS account for actions such as deployment and sending email through SES.
2. What is the purpose of the .env file?
"A" is correct. Creating a .env file to store sensitive credentials is a necessary step in securing a Django project. In case a malicious hacker accesses your project, the .env variables will still be secured.