I'm transitioning to Managed Workflows for Apache Airflow (MWAA) after facing issues with my local installation, specifically because something messed with my base Conda environment. Currently, I have a single VPC housing some EC2 instances that run Python scripts and other trading applications. My plan is to set up MWAA in this same VPC for simplicity and security reasons. I'm wondering if this is the best approach or if I should consider creating a new VPC for MWAA instead. Any advice would be appreciated!
3 Answers
By the way, I attempted to add 'AmazonMWAAFullConsoleAccess' to a user group, but I couldn't find it in the policy list. Anyone else run into this issue?
You might have to create those policies by yourself. Check out the definitions in the AWS docs - they were probably planned to be managed policies before.
It really depends on whether you're planning to expose MWAA publicly. I set up my MWAA environment in a separate VPC for better security. Sure, it takes a bit more time to arrange the inbound and outbound rules, but it feels like a safer move overall. Just something to think about!
I hear you on the security, but I'm not sure how a separate VPC would add that. Since the EC2 access rules would be identical for MWAA, doesn't it feel redundant?
I actually went for a separate VPC too, but then realized it's only necessary for SSH access, which I can manage easily!
Using the same VPC is probably the simplest route. Just spin up a dedicated security group for MWAA. This way, if you're using MWAA to orchestrate tasks with ECS or EC2, it cuts down on potential subnetting headaches while still giving you flexibility with your security settings.
I tried going for a separate VPC, but VPC Peering turned out to be more complex than I expected. I ended up using the same VPC, but I'm stuck connecting them. Any tips?
Yeah, I had to create a custom policy for that too, as the official one just wasn't showing up for me!
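The same-VPC layout with a dedicated security group for MWAA, suggested in the answer above, can be checked against the output of `aws ec2 describe-security-groups`; this is an added example, not code from any poster in the thread. The group IDs and sample rules are constructed, the function names are hypothetical, and the last check assumes the MWAA workers must connect to the EC2 instances directly (for example over SSH).

```python
# Added example: audit security-group rules when MWAA shares a VPC with EC2 hosts.
# Input mirrors the JSON shape of `aws ec2 describe-security-groups`; IDs are constructed.
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def ingress_sources(group):
    """Yield (kind, value) for every inbound source on one security group."""
    for perm in group.get("IpPermissions", []):
        for pair in perm.get("UserIdGroupPairs", []):
            yield "sg", pair["GroupId"]
        for r in perm.get("IpRanges", []):
            yield "cidr", r["CidrIp"]
        for r in perm.get("Ipv6Ranges", []):
            yield "cidr", r["CidrIpv6"]

def audit(groups, mwaa_sg, ec2_sg):
    """Return a list of findings; an empty list means the layout passes."""
    by_id = {g["GroupId"]: g for g in groups}
    mwaa = set(ingress_sources(by_id[mwaa_sg]))
    ec2 = set(ingress_sources(by_id[ec2_sg]))
    findings = []
    if mwaa_sg == ec2_sg:
        findings.append("MWAA shares a security group with the EC2 instances")
    # MWAA requires an inbound rule on its group that references the group itself.
    if ("sg", mwaa_sg) not in mwaa:
        findings.append("MWAA group lacks the self-referencing inbound rule")
    for name, sources in (("MWAA", mwaa), ("EC2", ec2)):
        for kind, value in sorted(sources):
            if kind == "cidr" and value in OPEN_CIDRS:
                findings.append(f"{name} group allows inbound from {value}")
    # Assumption: EC2 should admit MWAA by group ID, not by a subnet-wide CIDR.
    if ("sg", mwaa_sg) not in ec2:
        findings.append("EC2 group does not admit MWAA by group reference")
    return findings

# Constructed sample data: a layout that passes and one that does not.
GOOD = [
    {"GroupId": "sg-mwaa0001", "IpPermissions": [
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-mwaa0001"}]}]},
    {"GroupId": "sg-ec20001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "UserIdGroupPairs": [{"GroupId": "sg-mwaa0001"}]}]},
]
BAD = [
    {"GroupId": "sg-mwaa0002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-ec20002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]
```

Feed it the `SecurityGroups` list from the real CLI output in place of the constructed samples.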