Hi, I’m going through some security/permission rel...
# dev-metaflow
a
Hi, I’m going through a security/permission-related audit. I have questions related to
<https://github.com/Netflix/metaflow-tools/blob/master/aws/cloudformation/metaflow-cfn-template.yml#L462>
How does the migration service work in terms of the AWS resources involved? I’ve read through the documentation at https://outerbounds.com/docs/migration. I’m trying to understand whether a new vpc-endpoint or network interface is created, and when it gets deleted, in the context of the migration process …
a
@adventurous-gigabyte-81428 The migration service is only responsible for migrating the schema of the DB powering the metadata service.
No AWS resources are created or destroyed as part of that migration service execution.
a
For these permissions assigned to the LambdaECSExecuteRole, are the following still being used? https://github.com/outerbounds/metaflow-tools/blob/master/aws/cloudformation/metaflow-cfn-template.yml#L466
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface"
Creation of network interfaces
a
Those are used to create the lambda function that triggers the metadata service endpoint. You can also invoke it manually with no need to set up / use the lambda function.
a
Ok thanks for clarifying
For those who are searching through Slack with a similar question, I’ve found more info in relation to the conversation above … Silly me … the info is in the tons of documentation I have to read through … hope this is useful for those in search: https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-permissions