Hi folks, wondering if it’s possible to get IP add...
# ask-communityj
Jonathan Mathews
04/27/2022, 1:24 PMHi folks, wondering if it’s possible to get IP addresses of Prefect Cloud. I’d like to lock down the network rules for my agent running on AWS ECS, so restricting access to a fixed set of IP addresses would be useful. I’ve been googling but couldn’t find anything. Thanks
a
Anna Geller
04/27/2022, 1:34 PM
I wonder whether this is necessary. Prefect Cloud doesn't have access to your infrastructure. Your agent needs to actively poll Prefect Cloud API, and Prefect Cloud doesn't have any direct access to your network and to your infrastructure in general.
Anna Geller
04/27/2022, 1:35 PM
So you can still totally lock down your inbound access and Prefect Cloud only requires outbound access from your infrastructure to the public Internet
Anna Geller
04/27/2022, 1:38 PM
you can think of it similarly to opening outbound access on your VM instance to download security patches - all inbound access can be blocked (nobody can SSH into your instance other than you) but outbound access to the Internet is required to download security updates in order to install them and keep your instance healthy
j
Jonathan Mathews
04/27/2022, 1:42 PMThanks. Ah, ok I see, so Prefect Cloud does not require inbound access to the agent? I misunderstood that. So instead the agent poll Prefect Cloud periodically?
👍 1
k
Kevin Kho
04/27/2022, 1:44 PM
Yeah that’s right. Agent polls cloud every 10 seconds so you only need HTTPs outbound, and the agent does all of the execution when it finds a flow
j
Jonathan Mathews
04/27/2022, 1:45 PMGot it, thank you
11 Views