Self-Hosted

Autoblocks offers self-hosted deployments through our partnership with Omnistrate, enabling you to run Autoblocks in your own cloud environment and preferred region. With our bring your own account (BYOA) model, you maintain complete data sovereignty while we handle the operational complexity. Our deployment automatically scales based on your usage patterns, includes automated backups for disaster recovery, and maintains high availability across multiple availability zones—all without requiring any operational overhead from your teams. Our control plane is designed with security in mind, operating with limited, precisely-scoped access to only manage the resources required for your Autoblocks deployment.

​

Video Walkthrough

​

Integration Security

Our integration follow security best practices with strictly limited permissions scoped to essential infrastructure components: We maintain a focused set of permissions that only cover necessary AWS services: EC2, EKS, Elastic Load Balancing, VPC, and minimal IAM operations. For components like the AWS Load Balancer Controller, we implement standard open-source IAM policies from the official Kubernetes SIG repository. To ensure these boundaries cannot be exceeded, we implement multiple layers of security controls:

1. A permissions boundary (OmnistrateBootstrapPermissionsBoundary) that prevents the creation of any IAM roles or policies beyond the initial permitted set
2. Resource tagging restrictions that limit iam:PassRole operations to only Autoblocks-managed roles - 'aws:ResourceTag/omnistrate.com/managed-by': 'omnistrate'
3. The OmnistrateInfrastructureProvisioningPolicy includes explicit conditions preventing access to IAM policies outside our scope

While we can implement additional restrictions based on your security requirements, this may impact our ability to provide comprehensive support and maintenance. Our current permission set represents the optimal balance between security and operational efficiency.

​

Deploying to your cloud account

​

Connecting your cloud account

Visit the BYOA portal, create an account, and follow the instructions under Cloud Accounts to connect your cloud provider account. After connecting your could account, there will be a modal with a link to run the CloudFormation template to establish a secure connection between your cloud provider account and our control plane.

​

Deploying Autoblocks

Once your cloud provider account is configured, you can visit the Instances page to deploy Autoblocks to the region of your choice.

​

Environment Variables

Reach out to us to get the environment variables for your deployment.

​

Custom Domain

Once you have deployed Autoblocks, you can modify the instance to add your custom domains. When you select your recently deployed instance on the Instances page, you will see a Custom DNS tab to add your custom domains.

​

Monitoring your deployment

You can monitor your deployment by visiting the Instances page and selecting your recently deployed instance. You can also see audit logs of all actions taken on your deployment by visiting the Audit Logs page.

​

Backups & Recovery

The deployment will automatically create a backup of the database every 6 hours and retains backups for 5 days. You can request custom backup schedules by contacting us.

​

Upgrades

Your deployment will automatically upgrade to the latest version of Autoblocks as we release new versions.

​

Deleting your deployment

You can delete your deployment by visiting the Instances page and selecting your recently deployed instance.