You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The API Gateway is only useful when external traffic is expected. In cases where all traffic will be internal to the VPC in which Metaflow is hosted, the API Gateway only adds value if it's used for additional access control. It's also a liability because the only way to deny all incoming traffic is to misuse the access_list_cidr_blocks variable to make the API Gateway's resource policy allow traffic only from an impossible IP range.
I see two solutions here:
If the API Gateway is useful even for all-private traffic (e.g. to allow other forms of access control), then it should be possible to make it private
If the API Gateway is not useful for all-private traffic, then it should be possible to disable it in the module
I think the first solution is preferable in the long run, but the second is simpler to implement. I'm happy to open a PR but I'm not sure which way to go.
The text was updated successfully, but these errors were encountered:
olivermeyer
changed the title
API Gateway should be optional or private
API Gateway should be optional
Apr 27, 2022
The API Gateway is only useful when external traffic is expected. In cases where all traffic will be internal to the VPC in which Metaflow is hosted, the API Gateway only adds value if it's used for additional access control. It's also a liability because the only way to deny all incoming traffic is to misuse the
access_list_cidr_blocks
variable to make the API Gateway's resource policy allow traffic only from an impossible IP range.I see two solutions here:
I think the first solution is preferable in the long run, but the second is simpler to implement. I'm happy to open a PR but I'm not sure which way to go.
The text was updated successfully, but these errors were encountered: