I'm about to go down this path for fun with the SaaS template I’ve built for myself, but my concern is what am I going to screw up security-wise? I'm not an expert by any stretch - I know the basics. I guess we’ll find out!
I just never worried about this with Heroku. I already use the paid tier there for some projects, but the writing seems to be on the wall, so I’m sampling the alternatives. Render is probably where I end up though.
Ya, certainly a concern when going from a well-funded org with hired experts to just yourself.
For myself, I just run automated security updates (uptime is not a pinnacle concern for me), do the basic fail2ban set-up, ensure I have a bit of reporting. Most importantly, I pray to Cthulhu I'm enough of a low-priority target that all I need to fend off is drive-by attacks.
I try as much as possible to isolate e.g. credentials and sensitive information from public infrastructure. Everything else that is more sensitive I stick behind Tailscale, usually hosted at home on Pis or my NAS.