YAML

Overview Managing serverless environments requires more than just scaling code; it demands robust perimeter security. Laravel Vapor offers a managed firewall to shield applications from Distributed Denial of Service (DDoS) attacks and resource-draining automated traffic. By implementing these controls, you prevent unexpected costs and ensure high availability for legitimate users. Prerequisites To follow this guide, you should be familiar with the Laravel framework and have a basic understanding of YAML configuration. You will also need a project already provisioned on the Vapor platform. Key Libraries & Tools * **Laravel Vapor**: A serverless deployment platform for Laravel. * **Vapor CLI**: The command-line interface used to deploy and manage environments. * **Guzzle**: A PHP HTTP client often used by bots or scripts to make requests. Code Walkthrough To enable the firewall, modify your `vapor.yml` file. This configuration acts as the blueprint for your environment's security rules. Setting Rate Limits Add a `firewall` section to your environment configuration to limit how many requests a single IP can make within a five-minute window. ```yaml id: 1 name: my-app environments: production: firewall: rate_limit: 100 ``` When a source exceeds 100 requests in 5 minutes, Vapor automatically blocks subsequent attempts, protecting your database and compute resources from exhaustion. Implementing Bot Control You can further refine traffic by blocking specific categories of automated agents. This is particularly useful for internal APIs that shouldn't be indexed by search engines. ```yaml firewall: bot_control: - http_libraries - search_engines ``` Syntax Notes The `firewall` key must sit under the specific environment block (e.g., `production` or `staging`). The `bot_control` option accepts a list of predefined categories. Always ensure your YAML indentation is correct, as malformed files will cause deployment failures. Practical Examples A common use case involves blocking `http_libraries`. If you run a script using Guzzle or `curl` against an endpoint protected with this rule, the firewall will reject the traffic immediately. This effectively stops simple scraping scripts from impacting your app. Tips & Gotchas * **Deployment Required**: Changes to `vapor.yml` do not take effect until you run `vapor deploy`. * **Monitoring**: Check your environment metrics after enabling these rules. Vapor provides visual feedback on how many requests the firewall has successfully blocked. * **Cooldown**: Rate-limited IPs are generally blocked for the remainder of the five-minute sliding window.

Overview of Deployment Automation Deploying a Laravel application requires more than just moving files to a server. You must compile assets, manage dependencies, and sync database schemas. Laravel Vapor handles these complexities through two distinct mechanisms: **Build Hooks** and **Deploy Hooks**. Understanding the timing of these hooks is the difference between a seamless launch and a broken production environment. Build hooks prepare your artifact locally, while deploy hooks execute logic directly within the AWS environment once the code is live. Prerequisites To follow this guide, you should be comfortable with the following: * Basic Laravel framework architecture. * A functioning Laravel Vapor account and the Vapor CLI. * Familiarity with YAML syntax for configuration files. * Understanding of NPM or Composer for asset and dependency management. Key Libraries & Tools * **Laravel Vapor CLI**: The primary tool for initiating deployments and viewing real-time logs. * **vapor.yaml**: The central configuration file where hook logic is defined. * **AWS (Amazon Web Services)**: The underlying infrastructure where your application and databases reside. * **Artisan**: Laravel's command-line interface used within deploy hooks for tasks like migrations. Code Walkthrough: Configuring Hooks Open your `vapor.yaml` file to define how each environment behaves. You can customize commands per environment, such as choosing between development or production asset builds. ```yaml id: 1 name: my-app environments: staging: build: - 'composer install' - 'npm install && npm run development' - 'php artisan event:cache' deploy: - 'php artisan migrate --force' production: build: - 'composer install --no-dev' - 'npm install && npm run production' ``` In this configuration, the `build` section runs on your local machine or CI/CD environment before the code is zipped and uploaded. This is the ideal time for `npm run production` because it minimizes the final package size. The `deploy` section runs after the code is uploaded to AWS. We use `php artisan migrate` here because the command needs to interact with the RDS database that exists within the cloud environment, not your local machine. Syntax Notes Laravel Vapor uses standard YAML list syntax for hooks. Each command is a string item in a sequence. Vapor executes these commands in order; if any command returns a non-zero exit code, the deployment aborts immediately. This safety feature prevents broken code from reaching your users. Practical Examples: Database Integration Running migrations via deploy hooks requires a linked database. In the Vapor dashboard, create a database resource (e.g., `my-staging-db`). Once created, link it in your `vapor.yaml` so the environment knows where to run the migration commands: ```yaml staging: database: my-staging-db deploy: - 'php artisan migrate --force' ``` Tips & Gotchas One common pitfall is forgetting that build hooks lack access to your production database. Never put `php artisan migrate` in a build hook; it will fail because your local machine cannot (and should not) reach your cloud database directly. Conversely, avoid running heavy asset compilation in deploy hooks, as this consumes AWS Lambda resources and increases deployment time. Always keep your build artifacts lean and your deployment logic focused on environment-specific tasks.