Private

Private subnet placement for all Rack instances. When set to Yes, instances have no direct internet access and all outbound traffic passes through a NAT gateway. See the Private Networking documentation for more information.

When set to Yes, EC2 instances, ECS tasks, and other Rack resources are placed in private subnets that do not have direct routes to the internet. Outbound internet access is provided through NAT Gateways.

| Default value | No |
| Allowed values | Yes, No |

Use Cases

  • Running workloads in a private network to meet security and compliance requirements
  • Preventing Rack instances from being directly accessible from the internet
  • Deploying applications that should only be reachable through a load balancer or VPN

Additional Information

When Private is set to Yes, the Rack creates NAT Gateways for outbound internet connectivity. NAT Gateways incur additional AWS charges (per-hour and per-GB data processing fees).

Setting Private=Yes also makes the PrivateBuild parameter unnecessary, since all instances including build instances will be placed in private subnets.

If you also want the Rack API itself to be unreachable from the public internet, set PrivateApi to Yes as well.

$ convox rack params set Private=Yes
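To check the result, look in the VPC's route tables for default routes that point at an internet gateway. The script below is an added example, not part of the Convox documentation: it classifies subnets from JSON shaped like `aws ec2 describe-route-tables` output. The sample data and every ID in it are constructed, and the subnet hosting a public NAT gateway is expected to be reported as public.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output; all IDs are made up.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-public",
   "Associations": [{"SubnetId": "subnet-nat-host", "Main": false}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
  {"RouteTableId": "rtb-private",
   "Associations": [{"SubnetId": "subnet-instances-a", "Main": false},
                    {"SubnetId": "subnet-instances-b", "Main": false}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]},
  {"RouteTableId": "rtb-main",
   "Associations": [{"Main": true}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]}
]}
""")

DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}

def classify_table(table):
    """Return 'public' (default route to an internet gateway), 'egress-only'
    (default route to a NAT or egress-only gateway) or 'isolated' (neither)."""
    result = "isolated"
    for route in table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest not in DEFAULT_ROUTES or route.get("State") == "blackhole":
            continue  # not a usable default route
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId") or route.get("EgressOnlyInternetGatewayId"):
            result = "egress-only"
    return result

def classify_subnets(doc):
    """Map each explicitly associated subnet to its route table's class.
    The main table (used by subnets with no association) is keyed 'main:<id>'."""
    out = {}
    for table in doc["RouteTables"]:
        kind = classify_table(table)
        for assoc in table.get("Associations", []):
            out[assoc.get("SubnetId") or "main:" + table["RouteTableId"]] = kind
    return out

def public_subnets(doc):
    """Subnets (or main tables) that still have a direct internet route."""
    return sorted(k for k, v in classify_subnets(doc).items() if v == "public")
```

Any subnet that holds Rack instances and appears in `public_subnets()` warrants a closer look.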

See Also