Hi,
When deploying with <https://docs.flyte.org/en...
# flyte-supportf
future-football-28532
05/23/2022, 10:00 PMHi,
When deploying with https://docs.flyte.org/en/latest/deployment/aws/opta.html#deployment-aws-opta, what's the canonical way for setting up an allowlist (list of permitted IPs/networks) for the internet-facing service, so the service isn't open for anyone on the internet?
f
freezing-airport-6809
05/23/2022, 10:54 PM
cc @most-sunset-30029 can you help here?
m
most-sunset-30029
05/23/2022, 10:56 PMmore info
f
future-football-28532
05/24/2022, 9:19 AMBasically I would like to set up a default deny rule on the load balancer, so only a given set of IP addresses/CIDRs should reach the service.
f
freezing-airport-6809
05/24/2022, 1:58 PM
@most-sunset-30029 - @future-football-28532 wants to limit access to certain cidrs only. This can be done by modifying the security group for LB, to restrict the ranges
f
future-football-28532
05/24/2022, 9:08 PMThe opta deployment creates a network load balancer (no security groups, only limited VPC ACLs).
Can this be configured in the YAML files?
m
most-sunset-30029
05/24/2022, 9:12 PMI can look into this yes
👍 1
164 Views