Hi #C020U025QJK + @User, We’re trialing out the newly open-sourced https://github.com/outerbounds/metaflowbot. We’ve some questions as follows: 1. We’re planning to limit the outside world from publicly hitting the container. The current setup is placing it in public with no loadbalancer- https://github.com/outerbounds/metaflowbot/blob/main/docs/deployment.md. Does this MetaFlowBot service requires total exposure to 0.0.0.0 in order for slack interaction to work ? 2. What kind of a port mapping is required for the container itself ? Is it port 65534 ?

Few reasons for making a public deployment : 1) slack emits events to the bot which require a socket connection to slack 2) the bot server doesn’t listen on any ports; rather it subscribes to slack so no way to talk to the bot outside slack :)

can i clarify point 1) slack emits events to the bot which require a socket connection to slack ? Do you mean the bot/Ecs Fargate establishing socket connection to slack ?

Yes; the bot connects to slack via a socket and slack emits events present in the bot manifest i.e.

app_mention

and

im.message

Thanks for input. Am covering grounds on potential security concern. And thanks for the work put into MetaflowBot ..Will give this a go 🙂

Seems like it would be more secure to put this in what some call a "protected" subnet (i.e, a private subnet behind a NAT in a public subnet) rather than making it public; if the bot itself is responsible for initiating a 2-way connection to Slack, this should work fine.

Great point! Just adding a small point; For security concerns, We have kept no inbound rules in the CF template and only outbound;