Hi prefect cloud! I've been using prefect core for about a year at work. I'm working on getting vendor approval internally to start a Cloud accont. I understand that the service doesn't access my data. So the two architecture questions I have are: • What about the credentials I store in blocks? These would be stored by Prefect Cloud, correct? • What about logs data? Do these get stored in Prefect Cloud?

Hi @merlin 👋 happy to hear you are starting that process! Let us know however we can help. As for your questions: 1. That’s correct, any block attributes are stored in Prefect Cloud. If that’s a concern, it’s always possible to use a cloud-provider-specific secrets store (like AWS’ Secrets Manager) or a third party alternative, like Hashicorp Vault 2. Logs are similarly also stored in Prefect. A good rule of thumb is that anything you can see in the UI is stored in Prefect’s backend. The notable items that are NOT stored by Prefect are: your code, your results, and generally anything that happens inside your flow.

Thats what I thought, which should not be an issues. For #1 above do you mean a pattern like: Store AWS credential in Prefect Cloud block, use that to pull resource credentials each time from the flows. Please share any documentation I can use to fill out my Security Architecture Review, and Regulated Vendor Management Due Diligence forms. I'll DM my email.

Store AWS credential in Prefect Cloud block, use that to pull resource credentials each time from the flows.

Sort of, except you don’t explicitly have to provide AWS credentials… those can be provided in the environment itself. For example, if you run your flows on an EC2 instance, you could give the instance an IAM role that allows reading from AWS secrets manager… then all the block is storing is the name of the secret to retrieve.