Hi folks, wondering if it’s possible to get IP addresses of Prefect Cloud. I’d like to lock down the network rules for my agent running on AWS ECS, so restricting access to a fixed set of IP addresses would be useful. I’ve been googling but couldn’t find anything. Thanks
04/27/2022, 1:34 PM
I wonder whether this is necessary. Prefect Cloud doesn't have access to your infrastructure. Your agent needs to actively poll Prefect Cloud API, and Prefect Cloud doesn't have any direct access to your network and to your infrastructure in general.
So you can still totally lock down your inbound access and Prefect Cloud only requires outbound access from your infrastructure to the public Internet
you can think of it similarly to opening outbound access on your VM instance to download security patches - all inbound access can be blocked (nobody can SSH into your instance other than you) but outbound access to the Internet is required to download security updates in order to install them and keep your instance healthy
04/27/2022, 1:42 PM
Thanks. Ah, ok I see, so Prefect Cloud does not require inbound access to the agent? I misunderstood that. So instead the agent poll Prefect Cloud periodically?
04/27/2022, 1:44 PM
Yeah that’s right. Agent polls cloud every 10 seconds so you only need HTTPs outbound, and the agent does all of the execution when it finds a flow