Severin Ryberg [sevberg]
07/13/2020, 1:10 AM
Greg Desmarais
07/13/2020, 1:13 AM
Severin Ryberg [sevberg]
07/13/2020, 11:09 AM
Greg Desmarais
07/13/2020, 1:56 PM
I have also considered not exposing my VPC at all and instead configuring a gateway connection.
The reason I mention the VPC is to possibly leverage security groups or even the Net ACL to limit ingress IP addresses. If your potential users come from a certain network - say a VPN or corporate LAN - you can restrict who can get to the resource. It does get easier if you create a VPC peer type setup.
Would you mind explaining a bit more the idea you have regarding ALB/SSO?
AWS ALB has options for integrating some standards-compliant SSO solutions like Okta and OneLogin (OpenID and SAML type stuff). If you lock down the security group for your prefect server to only allow inbound traffic from your ALB, you can put the SSO requirement on the ALB as a gatekeeper. Would also potentially simplify your HTTPS configuration. For one reference (among many): https://www.onelogin.com/blog/aws-alb-openid-connect
Severin Ryberg [sevberg]
07/13/2020, 3:26 PM