Epycbyte Secure Compute
Epycbyte Secure Compute allows you to establish secure connections between Epycbyte and backend environments.
Table of Contents
- Secure Compute
- How Secure Compute works
- Enabling Secure Compute
- Secure Compute networks and dedicated IP addresses
- Specific region
- Region failover
- Add a project to your Secure Compute network
- Managing the build container
- Multiple Secure Compute networks
- VPC peering
- VPN Support
- Limits
Secure Compute
Secure Compute is available for purchase on Enterprise plans. With Secure Compute, you can create private connections between Epycbyte Functions and your backend cloud, like databases or other private infrastructure.
Currently, Epycbyte deployments require you to allow all IP addresses on your backend cloud. Publicly exposing your backend cloud, even behind a firewall, may not be sufficient to meet your organization's security and compliance obligations.
How Secure Compute works
Secure Compute establishes secure connections between Epycbyte Functions and your backend cloud by creating a private network with dedicated IP addresses. This allows you to control access to your backend cloud and ensure that only authorized traffic is allowed.
Enabling Secure Compute
To enable Secure Compute, contact Epycbyte and supply your desired region and, optionally, a CIDR block. The CIDR blocks of your Secure Compute network and your VPC must not overlap.
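A pre-flight check for the non-overlap requirement above, added here as an example (it is not Epycbyte code). The function names, the candidate pool and the VPC CIDR list are assumptions for illustration, and the sample ranges are constructed.

```python
import ipaddress

# Constructed sample: CIDR blocks attached to the backend VPC (primary, secondary, IPv6).
VPC_CIDRS = ["10.0.0.0/16", "10.1.0.0/16", "2001:db8:1234::/56"]

def find_cidr_conflicts(proposed_cidr, vpc_cidrs):
    """Return (vpc_block, shared_range) for every VPC block the proposal overlaps."""
    # strict=True rejects blocks with host bits set (e.g. 10.0.1.0/16), a common typo.
    proposed = ipaddress.ip_network(proposed_cidr, strict=True)
    conflicts = []
    for raw in vpc_cidrs:
        block = ipaddress.ip_network(raw, strict=True)
        if block.version != proposed.version:
            continue  # an IPv4 range never overlaps an IPv6 range
        if proposed.overlaps(block):
            # Overlapping CIDR blocks always nest, so the shared range is the smaller one.
            shared = proposed if proposed.subnet_of(block) else block
            conflicts.append((str(block), str(shared)))
    return conflicts

def first_free_block(pool_cidr, prefix_len, vpc_cidrs):
    """Return the first block of the given size in the pool that overlaps nothing, or None."""
    pool = ipaddress.ip_network(pool_cidr, strict=True)
    for candidate in pool.subnets(new_prefix=prefix_len):
        if not find_cidr_conflicts(str(candidate), vpc_cidrs):
            return str(candidate)
    return None

if __name__ == "__main__":
    for proposal in ("10.1.128.0/20", "172.16.0.0/16"):
        hits = find_cidr_conflicts(proposal, VPC_CIDRS)
        print(proposal, "conflicts:" if hits else "ok", hits)
    print("suggested:", first_free_block("10.0.0.0/14", 16, VPC_CIDRS))
```

Pass every CIDR block associated with the VPC, including secondary blocks, since an overlap with any of them conflicts with the requirement.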
Secure Compute networks and dedicated IP addresses
Secure Compute creates a private network with dedicated IP addresses for each project. This allows you to control access to your backend cloud and ensure that only authorized traffic is allowed.
Specific region
When you use Secure Compute, Epycbyte accepts a VPC peering connection between your Epycbyte Secure Compute network and your AWS VPC in the same or different region.
Region failover
If your Epycbyte Functions are deployed in multiple regions, you can use multiple Secure Compute networks to have different IP pairs in each region. In this case, you can allocate different IP addresses to test projects, internal tools, and public-facing platforms for improved manageability and security.
Add a project to your Secure Compute network
To add a project to your Secure Compute network, select the private network from the list, then click the "Add Project" button. Enter the project name and description, then click "Save".
Managing the build container
When connected to a Secure Compute network, builds experience up to a 5s delay as they provision a secure build container. When this happens, your build is marked as "Provisioning Container" in the dashboard.
Multiple Secure Compute networks
You can use one network with multiple projects in the same team. In this case, the same IP pair is shared across multiple projects. If you require additional security or have a large team, you can have one network for each project so that each project will have its own dedicated IP pair.
VPC peering
VPC peering is a method of connecting two VPCs in the same or different region. When you use Secure Compute, Epycbyte accepts a VPC peering connection between your Epycbyte Secure Compute network and your AWS VPC.
To set up VPC peering:
- Request Secure Compute: Contact Epycbyte and supply your desired region, and optionally CIDR block.
- Set up peering in AWS: In your AWS VPC dashboard, configure the peering connection by copying the values from your Secure Compute network settings, and pasting in the AWS VPC peering connection settings:
  - Requester VPC ID: Your VPC ID
  - Account ID: The AWS account ID
  - Accepter VPC ID: Your Epycbyte Secure Compute network's VPC Peering ID
  - Region: Your Epycbyte Secure Compute network's region
- Create peering connection: In the AWS VPC peering connection settings, click "Create Peering Connection" to establish the connection.
- Accept peering connection: Go back to your Epycbyte dashboard and click "Accept" to accept the connection.
VPN Support
If your current security and compliance obligations require more than dedicated IP addresses, contact us for guidance related to your specific needs.
Note: If you require support for VPN connections, contact Sales.
Limits
- Build delay: When connected to a Secure Compute network, builds experience up to a 5s delay as they provision a secure build container.
- Max number of VPC peering connections: The maximum number of VPC peering connections that can be established per network is 50.