Closed aimran-adroll closed 6 months ago
@aimran-adroll Thanks for the note! Both of those concerns make sense.
For (1), we do have a method now without long-term keys. coiled setup aws
will use long-term keys, but we're moving away from that, and the method in our web UI will not (it uses a CloudFormation template to set up cross-account delegation).
For (2), we could work with you on scoping the permissions.
I think we can work out something that will make your team happy! Do you want to send me an email (david@coiled.io) to set something up?
First of all, I love Dask. I was very excited to kick the tires with Coiled. Unfortunately, the current AWS deployment option is not viable for my employer.
*
, which will certainly not fly with my security team.In recent past, something like Dagster (or Prefects) agent model has served us well in this regard. To wit, we fire up a Dagster-agent container with appropriate IAM roles/permissions within our VPC. Subsequently, it negotiates metadata about any necessary code/infra changes over HTTPS to DagsCloud’s Agent API and takes necessary action inside our cloud.
Thank you again for reading. Hopefully i did not misread the docs