Skip to main content
Restate Cloud BYOC is designed around three principles: least privilege, no standing access to your cloud account, and customer ownership of infrastructure. Restate never holds your cloud provider credentials; management access is limited to your managed Kubernetes API endpoint via a scoped, revocable token.

Control channel

The BYOC deployment has three network connections, all initiated from within your account:
ConnectionDirectionProtocolPurpose
Deployment agent → Restate control planeEgress from your accountHTTPS (long-polling)Pulls provisioning and management jobs
Restate control plane → Kubernetes APIInbound to cluster API endpointHTTPS with bearer tokenManages Restate environments (CRDs, namespaces)
Metrics collector → Restate metrics storeEgress from your accountHTTPSShips operational metrics for monitoring and alerting
The deployment agent uses an egress-only polling model — it reaches out to Restate’s control plane to check for work. Restate’s control plane never initiates connections into your account for provisioning or management operations. Restate’s control plane connects to your Kubernetes API to manage Restate environments. This connection uses a bearer token scoped to a limited Kubernetes RBAC role. You can restrict access to the Kubernetes API endpoint by IP allowlisting.
The token can manage RestateCluster resources and namespaces, and write the in-cluster signing-key Secrets it provisions — but it cannot read existing Secrets in your cluster. Revoking the token disables management while leaving running environments untouched.

What crosses the control channel

Sent to your cluster:
CategoryExamples
Environment manifestsRestateCluster CRDs specifying resource limits, replicas, configuration
Container image referencesImage tags (pulled from registry by cluster, not transferred over control channel)
ConfigurationRestate server configuration (non-sensitive)
Signing keysPublic keys for request authentication (stored as Kubernetes Secrets in-cluster)
Received from your cluster:
CategoryExamples
Health statusPod readiness, cluster status
Resource metricsCPU/memory usage, storage utilization
Environment metadataVersion info, replica count
What does NOT cross the control channel:
  • Customer application data or invocation payloads
  • State stored in Restate
  • Customer secrets or credentials
  • Application logs (retained in your account)

Bootstrap security

The foundation template is a standard CloudFormation stack (AWS) or ARM template (Azure) that you deploy yourself. It creates scoped roles for the deployment agent.
The CloudFormation template creates an IAM role for the deployment agent with the following permissions, scoped to the install’s resources:
PermissionScopePurpose
Resource managementInstall resourcesCreate and manage EKS, VPC, S3, and supporting resources
EKS cluster adminInstall’s EKS clusterDeploy Helm charts and Kubernetes manifests via the Kubernetes API
Resource provider registrationSubscription (AWS account)Register required AWS service providers
All IAM roles follow least-privilege principles and are scoped to the resources created by the stack.

Infrastructure security

Compute

Kubernetes clusters run on dedicated cloud-managed virtual machines:
LayerAWSAzure
ComputeEC2 instances (Nitro hypervisor)Azure VMs (Hyper-V isolated)
Container runtimecontainerdcontainerd
KubernetesAmazon EKS (managed control plane)Azure AKS (managed control plane)
ArchitectureARM64 (Graviton / Ampere)ARM64 (Ampere)
Instance security features include IMDSv2 enforcement (AWS), encrypted storage at rest (AES-256), and no local ephemeral storage (all data on network-attached volumes).

Patching

ComponentMethodCadence
Node OSAutomated drift detectionPromptly after a new AMI/image is released
KubernetesManaged cloud provider upgradesPer provider schedule, coordinated with customer
Restate componentsRolling deploymentAs releases are published
Container imagesImage updatesAs vulnerabilities are patched
Vulnerabilities are triaged and prioritized by severity, with critical issues fast-tracked ahead of routine maintenance.

Network isolation

Each BYOC deployment runs in its own VPC with private subnets across multiple availability zones. Restate environments are isolated via Kubernetes NetworkPolicies:
  • Ingress: only the ingress proxy and metrics collector can reach environment pods
  • Egress: DNS, peer nodes in the same namespace, allowlisted VPC endpoints, tunnel, and the public internet
  • Cross-namespace: blocked by default
All in-cluster traffic between components is encrypted with mTLS via a service mesh.

Service connectivity

Restate environments invoke your service handlers over HTTP. Supported connectivity patterns:
PatternHow it works
VPC servicesPrivate IP or internal load balancer via VPC endpoints. All traffic stays within the VPC.
FaaS (Lambda)Invoked via VPC endpoints with IAM authentication. No public internet traversal.
TunnelFor services in other VPCs or networks. Tunnel clients connect to the BYOC VPC via a VPC endpoint.

Data sovereignty

All customer data remains in your cloud account:
  • Invocation payloads, stored state, and snapshots never leave your account
  • Application logs are retained in-cluster and accessible to you
  • Restate collects only operational metadata (health, resource utilization, environment configuration) for monitoring and management

Audit

Log typeLocationRetention
Kubernetes audit logsYour CloudWatch / Azure MonitorCustomer-controlled
VPC flow logsYour S3 / Azure StorageCustomer-controlled
Application logsIn-clusterCustomer-controlled
Control plane operationsRestate audit trailPer Restate retention policy

Customer controls

ActionAvailable?Process
Revoke Restate accessYesRemove the Kubernetes bearer token; environments continue running but management is disabled
IP-restrict cluster APIYesConfigure Kubernetes API server allowlist
Audit management operationsYesKubernetes audit logs capture all control plane actions
Request emergency patchingYesFile a priority support ticket; Restate SLA applies
Force node replacementYesFile a support ticket; completed within SLA