coiled / feedback

A place to provide Coiled feedback

Feedback on AWS Setup #261

Closed aimran-adroll closed 6 months ago

aimran-adroll commented 8 months ago

First of all, I love Dask. I was very excited to kick the tires with Coiled. Unfortunately, the current AWS deployment option is not viable for my employer.

  1. We are a large AWS shop and we almost never deal with long-term AWS access keys/tokens. Again, emphasis on long-term keys.
  2. Both IAM {Setup, Ongoing} policy documents grant IAM permissions on *, which will certainly not fly with my security team.

In the recent past, something like the Dagster (or Prefect) agent model has served us well in this regard. To wit, we fire up a Dagster-agent container with appropriate IAM roles/permissions within our VPC. Subsequently, it negotiates metadata about any necessary code/infra changes over HTTPS to DagsCloud’s Agent API and takes necessary action inside our cloud.

Thank you again for reading. Hopefully I did not misread the docs.

dchudz commented 8 months ago

@aimran-adroll Thanks for the note! Both of those concerns make sense.

For (1), we do have a method now without long-term keys. coiled setup aws will use long-term keys, but we're moving away from that, and the method in our web UI will not (it uses a CloudFormation template to set up cross-account delegation).


For (2), we could work with you on scoping the permissions.

I think we can work out something that will make your team happy! Do you want to send me an email (david@coiled.io) to set something up?
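The review a security team would run for concern (2) and for the permission scoping offered in the reply, as an added example that is not part of the thread and not Coiled's code: it lists the Allow statements in a policy document that grant IAM actions on every resource. The sample policy, its Sids and the account ID are constructed for illustration and are not Coiled's policy documents.

```python
import json

# Constructed sample for illustration; NOT Coiled's actual policy document.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "Compute", "Effect": "Allow",
   "Action": ["ec2:RunInstances", "ec2:TerminateInstances"], "Resource": "*"},
  {"Sid": "IamWide", "Effect": "Allow",
   "Action": ["iam:CreateRole", "iam:PassRole"], "Resource": "*"},
  {"Sid": "IamScoped", "Effect": "Allow", "Action": "iam:PassRole",
   "Resource": "arn:aws:iam::111111111111:role/example-prefix-*"},
  {"Sid": "Everything", "Effect": "Allow", "Action": "*", "Resource": "*"}
]}
""")


def as_list(value):
    """Policy JSON accepts a single value wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def covers_iam(action):
    """True if an Action pattern can match IAM actions (names are case-insensitive)."""
    pattern = action.lower()
    return pattern == "*" or pattern.startswith("iam:")


def unscoped_iam_statements(policy):
    """Return Allow statements that grant IAM actions on every resource."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        # NotResource grants everything except the listed ARNs, so count it as unscoped.
        wide = "*" in as_list(stmt.get("Resource")) or "NotResource" in stmt
        iam_actions = [a for a in as_list(stmt.get("Action")) if covers_iam(a)]
        # NotAction grants all actions except those listed; IAM stays covered
        # unless the exclusion list names the whole service.
        excluded = [a.lower() for a in as_list(stmt.get("NotAction"))]
        if "NotAction" in stmt and not {"*", "iam:*"} & set(excluded):
            iam_actions.append("NotAction")
        if wide and iam_actions:
            findings.append({"sid": stmt.get("Sid", f"#{index}"),
                             "actions": iam_actions,
                             "has_condition": "Condition" in stmt})
    return findings


if __name__ == "__main__":
    for finding in unscoped_iam_statements(SAMPLE_POLICY):
        print(finding)
```

A statement reported with `has_condition` set to true still needs a manual read, since a Condition block may narrow the grant in ways this check does not evaluate.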