The volumes for the app and the database containers have used the same EFS drive with two different endpoints. Now that DataSync is in place, the S3 bucket and the EFS drive are more tightly linked, and this introduces a potential vulnerability. The user needs to create the db-mysql-data folder in the S3 bucket in order for the database to mount it as a volume, and if this folder is deleted or changed in S3, it could potentially wipe out the database. (This could be seen as a feature, allowing the user to easily truncate the database if its size grows too large.) If this is a problem, we could provision a second, separate EFS drive just for the database, and not attach DataSync to it, ensuring that the user would not stumble into data loss.
The volumes for the app and the database containers have used the same EFS drive with two different endpoints. Now that DataSync is in place, the S3 bucket and the EFS drive are more tightly linked, and this introduces a potential vulnerability. The user needs to create the db-mysql-data folder in the S3 bucket in order for the database to mount it as a volume, and if this folder is deleted or changed in S3, it could potentially wipe out the database. (This could be seen as a feature, allowing the user to easily truncate the database if its size grows too large.) If this is a problem, we could provision a second, separate EFS drive just for the database, and not attach DataSync to it, ensuring that the user would not stumble into data loss.