Self-Hosted
Learn how to deploy Autoblocks on your own infrastructure.
Autoblocks offers self-hosted deployments through our partnership with Omnistrate, enabling you to run Autoblocks in your own cloud environment and preferred region. With our bring your own account (BYOA) model, you maintain complete data sovereignty while we handle the operational complexity. Our deployment automatically scales based on your usage patterns, includes automated backups for disaster recovery, and maintains high availability across multiple availability zones—all without requiring any operational overhead from your teams. Our control plane is designed with security in mind, operating with limited, precisely-scoped access to only manage the resources required for your Autoblocks deployment.
Integration Security
Our integration follows security best practices, with strictly limited permissions scoped to essential infrastructure components.
We maintain a focused set of permissions that only cover necessary AWS services: EC2, EKS, Elastic Load Balancing, VPC, and minimal IAM operations. For components like the AWS Load Balancer Controller, we implement standard open-source IAM policies from the official Kubernetes SIG repository.
To ensure these boundaries cannot be exceeded, we implement multiple layers of security controls:
- A permissions boundary (OmnistrateBootstrapPermissionsBoundary) that prevents the creation of any IAM roles or policies beyond the initial permitted set
- Resource tagging restrictions that limit iam:PassRole operations to only Autoblocks-managed roles
  - 'aws:ResourceTag/omnistrate.com/managed-by': 'omnistrate'
- The OmnistrateInfrastructureProvisioningPolicy includes explicit conditions preventing access to IAM policies outside our scope
While we can implement additional restrictions based on your security requirements, this may impact our ability to provide comprehensive support and maintenance. Our current permission set represents the optimal balance between security and operational efficiency.
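One way to check an exported policy document for the iam:PassRole tag restriction listed above; this is an added example, not Autoblocks or Omnistrate code. The tag key and value come from this page, while the StringEquals operator, the sample policy, and the function names are assumptions.

```python
import fnmatch

# Tag key and value as given on the page; all other names here are assumptions.
TAG_KEY = "aws:ResourceTag/omnistrate.com/managed-by"
TAG_VALUE = "omnistrate"
STRICT_OPERATOR = "StringEquals"  # assumed; ...IfExists variants pass when the tag is absent

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches_passrole(patterns):
    """IAM action patterns are case-insensitive and may contain * and ? wildcards."""
    return any(fnmatch.fnmatchcase("iam:passrole", p.lower()) for p in _as_list(patterns))

def _grants_passrole(stmt):
    if stmt.get("Effect") != "Allow":
        return False
    if "NotAction" in stmt:  # Allow + NotAction grants every action not listed
        return not _matches_passrole(stmt["NotAction"])
    return _matches_passrole(stmt.get("Action", []))

def _is_tag_scoped(stmt):
    """True if a StringEquals condition pins the managed-by tag to the expected value."""
    pinned = stmt.get("Condition", {}).get(STRICT_OPERATOR, {}).get(TAG_KEY)
    return pinned is not None and _as_list(pinned) == [TAG_VALUE]

def unscoped_passrole(policy):
    """Return the Sid (or index) of each Allow statement granting iam:PassRole without the tag condition."""
    return [stmt.get("Sid", f"statement[{i}]")
            for i, stmt in enumerate(_as_list(policy.get("Statement", [])))
            if _grants_passrole(stmt) and not _is_tag_scoped(stmt)]

SAMPLE_POLICY = {  # constructed for illustration, not the real Omnistrate policy
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PassManagedRoles", "Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "*", "Condition": {"StringEquals": {TAG_KEY: TAG_VALUE}}},
        {"Sid": "PassAnyRole", "Effect": "Allow", "Action": ["iam:Pass*"], "Resource": "*"},
        {"Sid": "WeakOperator", "Effect": "Allow", "Action": "iam:*", "Resource": "*",
         "Condition": {"StringEqualsIfExists": {TAG_KEY: TAG_VALUE}}},
        {"Sid": "Ec2Only", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print(unscoped_passrole(SAMPLE_POLICY))
```

This is a static check of one policy document; it does not evaluate Deny statements or the permissions boundary, so a flagged statement is a prompt to review the effective permissions rather than proof of an over-broad grant.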
Deploying to your cloud account
Connecting your cloud account
Visit the BYOA portal, create an account, and follow the instructions under Cloud Accounts to connect your cloud provider account.
After connecting your cloud account, a modal will appear with a link to run the CloudFormation template that establishes a secure connection between your cloud provider account and our control plane.
Deploying Autoblocks
Once your cloud provider account is configured, you can visit the Instances page to deploy Autoblocks to the region of your choice.
Environment Variables
Reach out to us to get the environment variables for your deployment.
You will need to create a PostgreSQL database and ensure the deployment k8s cluster has access to it on port 5432.
The database URL environment variable follows the format postgresql://<username>:<password>@<host>:<port>/<database_name>.
The WorkOS callback URL should be in the format https://<your-custom-webapp-domain>/api/auth/callback, where your custom webapp domain is the domain you plan to associate with the web application for your Autoblocks instance.
Custom Domain
Once you have deployed Autoblocks, you can modify the instance to add your custom domains. When you select your recently deployed instance on the Instances page, you will see a Custom DNS tab to add your custom domains.
Let us know what your custom domain is so we can configure your WorkOS environment to use it.
Monitoring your deployment
You can monitor your deployment by visiting the Instances page and selecting your recently deployed instance.
You can also see audit logs of all actions taken on your deployment by visiting the Audit Logs page.
Backups & Recovery
The deployment automatically creates a backup of the database every 6 hours and retains backups for 5 days. You can request custom backup schedules by contacting us.
Upgrades
Your deployment will automatically upgrade to the latest version of Autoblocks as we release new versions.
Deleting your deployment
You can delete your deployment by visiting the Instances page and selecting your recently deployed instance.