Self-Hosted
Learn how to deploy Autoblocks on your own infrastructure.
Autoblocks offers self-hosted deployments through our partnership with Omnistrate, enabling you to run Autoblocks in your own cloud environment and preferred region. With our bring your own account (BYOA) model, you maintain complete data sovereignty while we handle the operational complexity. Our deployment automatically scales based on your usage patterns, includes automated backups for disaster recovery, and maintains high availability across multiple availability zones—all without requiring any operational overhead from your teams. Our control plane is designed with security in mind, operating with limited, precisely-scoped access to only manage the resources required for your Autoblocks deployment.
After connecting your could account, there will be a modal with a link to run the CloudFormation template to establish a secure connection between your cloud provider account and our control plane.
Video Walkthrough
Integration Security
Our integration follow security best practices with strictly limited permissions scoped to essential infrastructure components: We maintain a focused set of permissions that only cover necessary AWS services: EC2, EKS, Elastic Load Balancing, VPC, and minimal IAM operations. For components like the AWS Load Balancer Controller, we implement standard open-source IAM policies from the official Kubernetes SIG repository. To ensure these boundaries cannot be exceeded, we implement multiple layers of security controls:- A permissions boundary (
OmnistrateBootstrapPermissionsBoundary) that prevents the creation of any IAM roles or policies beyond the initial permitted set - Resource tagging restrictions that limit
iam:PassRoleoperations to only Autoblocks-managed roles -'aws:ResourceTag/omnistrate.com/managed-by': 'omnistrate' - The
OmnistrateInfrastructureProvisioningPolicyincludes explicit conditions preventing access to IAM policies outside our scope
Deploying to your cloud account
Connecting your cloud account
Visit the BYOA portal, create an account, and follow the instructions under Cloud Accounts to connect your cloud provider account.
After connecting your could account, there will be a modal with a link to run the CloudFormation template to establish a secure connection between your cloud provider account and our control plane.
Deploying Autoblocks
Once your cloud provider account is configured, you can visit the Instances page to deploy Autoblocks to the region of your choice.
Environment Variables
Reach out to us to get the environment variables for your deployment.You will need to create a PostgreSQL database and ensure the deployment k8s cluster has access to it on port 5432.
The database url environment variable follows the format
postgresql://<username>:<password>@<host>:<port>/<database_name>.The WorkOS callback url should be in the format
https://<your-custom-webapp-domain>/api/auth/callback. Where your custom webapp domain is the domain you plan to associate with the web application for your Autoblocks instance.Custom Domain
Once you have deployed Autoblocks, you can modify the instance to add your custom domains. When you select your recently deployed instance on the Instances page, you will see a Custom DNS tab to add your custom domains.Let us know what your custom domain is so we can configure your WorkOS environment to use it.