The cloud-native orchestrator for the whole development lifecycle, with integrated lineage and observability.

dagster

Trying dagster for the first time, and deploying to ECS. The example on the dagster github worked perfectly.
However, when I try to restrict access to only specific IPs, it doesn’t work. I recognize this is more likely a general-aws issue rather than a dagster issue, but wondering if anyone else had this issue.
I went to the network load balancer’s security group sg-&lt;&gt; - dagster-DefaultNetwork-&lt;&gt;
And removed the allow anyone rule, and added my own IP (as well as IP of colleagues) in both IPV4 and IPV6, and can’t access Dagster. When I re-add the 0.0.0.0 rule, I can access dagster again

Update: had to turn the load balancer to an ALB by turning the docker compose port to this:
ports:
      - target: 3000
        x-aws-protocol: http

Went through the same process as you. By default docker will spin up a network load balancer if the target port isn’t 80 or 443, which fails the health check when the security group is restricted. Maybe should be documented to save others some time.

I actually got the same thing to work using NLB and turning on `client_ip_preservation`. Now you can whitelist any IPs you want.