Attila Nagy

    Attila Nagy

    4 months ago
    Hi, When deploying with https://docs.flyte.org/en/latest/deployment/aws/opta.html#deployment-aws-opta, what's the canonical way for setting up an allowlist (list of permitted IPs/networks) for the internet-facing service, so the service isn't open for anyone on the internet?
    Ketan (kumare3)

    Ketan (kumare3)

    4 months ago
    cc @JD Palomino can you help here?
    j

    JD Palomino

    4 months ago
    more info
    Attila Nagy

    Attila Nagy

    4 months ago
    Basically I would like to set up a default deny rule on the load balancer, so only a given set of IP addresses/CIDRs should reach the service.
    Ketan (kumare3)

    Ketan (kumare3)

    4 months ago
    @JD Palomino - @Attila Nagy wants to limit access to certain cidrs only. This can be done by modifying the security group for LB, to restrict the ranges
    Attila Nagy

    Attila Nagy

    4 months ago
    The opta deployment creates a network load balancer (no security groups, only limited VPC ACLs). Can this be configured in the YAML files?
    j

    JD Palomino

    4 months ago
    I can look into this yes