# opal
d
Hey @Anthony Chiu! I'll check with the team and let you know soon ☺️
o
Hi @Anthony Chiu - I'd still recommend using the PDP locally - you can simply run it as a container on Fargate (which BTW is also considered serverless by AWS' definition), it will enjoy all the same latency reductions as if it was running on another Lambda - as long as it's part of the same VPC.
We’ve added a guide to address your question here: https://docs.permit.io/tutorials/deploying/overview#deploy-for-serverless
a
In the documentation, it is mentioned: "If for some reason it is important to that the PDP itself will also run as part of the cloud-function service; please reach to us on the Slack community for additional support." As we aren't able to run ECS Fargate on our VPC, and EKS is also restricted, are there other options? EC2 with Docker running the container on the same VPC, but that introduces unnecessary maintenance.
o
Hi @Anthony Chiu, you could run this on EC2 of course with a container. I think the right thing though is to get your DevOps or IT involved and get the ability to run the container on Fargate or EKS. I'd be happy to help you explain to them why this is needed, and even join a call with them. You can of course continue working in production with the cloud-pdp, it is production grade and reliable, you just don't benefit from the zero-latency gained by having the local PDP.
I will in parallel check about the Lambda PDP option, and get back to you. Though we have been trying to reduce the use of that option, due to the cold start challenges with Lambda.
a
@Or Weis, just checking to see if there are other options without ECS or EKS to run the local PDP? I understand the container uses a websocket to pull updates from the permit.io cloud for any new changes, hence making it a long-running container that Lambda wouldn't fit well. Would there be another alternative? If cloud-pdp is used, what will be the latency?
o
Hi @Anthony Chiu
- We could run a cloud PDP for you on the same AWS region, which should bring down the latency to about 20-40ms on avg.
  - What region are you on in AWS?
- There's also an option of a WASM-based lighter PDP we could provide for you to run in Lambda - would require some dev work, and would probably be limited to RBAC policies - at least initially.

Are we talking here about deployment for dev / staging? Or is this meant to go all the way to prod?
a
As we are evaluating, we wanted to ensure there isn't any security or performance impact due to both the vendor solution and our internal security policy. Pre-prod and Prod will likely be the ones that require no latency, as the application will likely be making numerous checks on permission. Although a lot of the backend calls can be async, we want to anticipate different scenarios.
@Or Weis In the documentation, it seems that ABAC isn't supported with Cloud PDP. ABAC is the feature we will require. Do you know if there is a timeline on the feature? Also, does cloud PDP have multi-region support?
o
Hi @Anthony Chiu For enterprise tier customers we can deploy custom PDPs in whatever AWS region you want - this can be done within a few hours to a few days at most - and is available now. Covering both of your needs here
a
@Or Weis, ABAC is also supported with the cloud PDP? On https://docs.permit.io/tutorials/quickstart, it had a note mentioning "Please remember that for the time being, when using the Cloud PDP, there is no support (ABAC Attribute-based Access Control)."
o
These custom PDPs I mentioned are not the same as the cloud PDP (which is a lightweight mass scale version) - they are regular PDPs we host for you. And they support ABAC, yes.