Securing Your Deployment
This section is a work in progress. Please reach out on our Discord if you have specific questions.
From a security perspective, the primary activity required will be placing a load balancer with TLS in front of PowerSync.
Below is an architecture diagram of a successful deployment:
Data doesn't always flow in the direction of your firewall rules, so the below table documents which components are making connections to others:
| Request Originator | Request Destination | Protocol |
|---|---|---|
PowerSync Service | Postgres | TCP |
PowerSync Service | MongoDB | TCP |
PowerSync Service | OpenTelemetry Collector | TCP or UDP |
PowerSync Service | JWKS Endpoint | TCP (HTTPS) |
App Client | PowerSync Service (via LB) | TCP (HTTPS) |
App Client | App Backend | TCP (HTTPS) |
App Backend | Postgres | TCP |
Last updated
