Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

API Gateway should be optional #22

Open
olivermeyer opened this issue Apr 27, 2022 · 2 comments
Open

API Gateway should be optional #22

olivermeyer opened this issue Apr 27, 2022 · 2 comments

Comments

@olivermeyer
Copy link
Contributor

The API Gateway is only useful when external traffic is expected. In cases where all traffic will be internal to the VPC in which Metaflow is hosted, the API Gateway only adds value if it's used for additional access control. It's also a liability because the only way to deny all incoming traffic is to misuse the access_list_cidr_blocks variable to make the API Gateway's resource policy allow traffic only from an impossible IP range.

I see two solutions here:

  • If the API Gateway is useful even for all-private traffic (e.g. to allow other forms of access control), then it should be possible to make it private
  • If the API Gateway is not useful for all-private traffic, then it should be possible to disable it in the module

I think the first solution is preferable in the long run, but the second is simpler to implement. I'm happy to open a PR but I'm not sure which way to go.

@olivermeyer olivermeyer changed the title API Gateway should be optional or private API Gateway should be optional Apr 27, 2022
@benchoncy
Copy link
Contributor

I'm also in a situation where the API gateway goes unused; it would be nice to see this be optional.

@PierceCoggins
Copy link

Agree with this - we could really use optional API gateway too

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants