Jonathan Mathews

04/27/2022, 1:24 PM
Hi folks, wondering if it’s possible to get IP addresses of Prefect Cloud. I’d like to lock down the network rules for my agent running on AWS ECS, so restricting access to a fixed set of IP addresses would be useful. I’ve been googling but couldn’t find anything. Thanks

Anna Geller

04/27/2022, 1:34 PM
I wonder whether this is necessary. Prefect Cloud doesn't have access to your infrastructure. Your agent needs to actively poll the Prefect Cloud API, and Prefect Cloud doesn't have any direct access to your network and to your infrastructure in general.
So you can still totally lock down your inbound access, and Prefect Cloud only requires outbound access from your infrastructure to the public Internet.
You can think of it similarly to opening outbound access on your VM instance to download security patches - all inbound access can be blocked (nobody can SSH into your instance other than you) but outbound access to the Internet is required to download security updates in order to install them and keep your instance healthy.

Jonathan Mathews

04/27/2022, 1:42 PM
Thanks. Ah, ok I see, so Prefect Cloud does not require inbound access to the agent? I misunderstood that. So instead the agent polls Prefect Cloud periodically?

Kevin Kho

04/27/2022, 1:44 PM
Yeah that’s right. Agent polls cloud every 10 seconds so you only need HTTPS outbound, and the agent does all of the execution when it finds a flow.

Jonathan Mathews

04/27/2022, 1:45 PM
Got it, thank you