You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Context:
I've successfully installed Prefect on an Amazon Lightsail instance, currently running the server without the UI. To deploy flows, I access the instance shell and execute the necessary commands. However, when using the UI, I encountered a security concern. The workaround I adopted was installing Prefect on my Windows WSL, configuring PREFECT_API_URL and PREFECT_API_DATABASE_CONNECTION_URL variables to point to my Lightsail instance. This, however, raises security issues, as anyone can potentially connect to my Lightsail instance.
Request for Discussion:
I'm seeking suggestions and insights from the community on how to enhance the security of my Prefect deployment on Lightsail. Specifically, I'm looking for recommendations on securing the Lightsail instance, restricting access, and improving overall security without compromising workflow efficiency.
Current Approach:
Installed Prefect on Lightsail.
Running Prefect server without UI on Lightsail.
Using Prefect on Windows WSL for UI, configured with Lightsail instance URLs.
Concerns about potential unauthorized access due to the current setup.
Considering creating an additional Lightsail instance with a fixed IP exclusively for accessing the UI to address security concerns.
Proposed Solutions Welcome:
I'm open to community suggestions and experiences regarding securing Prefect deployments, especially on Lightsail instances. Your insights will greatly contribute to improving the overall security posture of Prefect in this deployment scenario.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Discussion:
Context:
I've successfully installed Prefect on an Amazon Lightsail instance, currently running the server without the UI. To deploy flows, I access the instance shell and execute the necessary commands. However, when using the UI, I encountered a security concern. The workaround I adopted was installing Prefect on my Windows WSL, configuring PREFECT_API_URL and PREFECT_API_DATABASE_CONNECTION_URL variables to point to my Lightsail instance. This, however, raises security issues, as anyone can potentially connect to my Lightsail instance.
Request for Discussion:
I'm seeking suggestions and insights from the community on how to enhance the security of my Prefect deployment on Lightsail. Specifically, I'm looking for recommendations on securing the Lightsail instance, restricting access, and improving overall security without compromising workflow efficiency.
Current Approach:
Proposed Solutions Welcome:
I'm open to community suggestions and experiences regarding securing Prefect deployments, especially on Lightsail instances. Your insights will greatly contribute to improving the overall security posture of Prefect in this deployment scenario.
Beta Was this translation helpful? Give feedback.
All reactions