
How do you ensure privacy/isolation between users if you have a pool of ready VMs that you re-use?



We don't re-use the VMs - a VM's lifecycle is basically:

1. Launch, prepare basic software, shut down

2. A GitHub job request arrives at Depot

3. The job is assigned to the stopped VM, which is then started

4. The job runs on the VM and completes

5. The VM is terminated

So the pool exists to speed up the EC2 instance launch time, but the VMs themselves are both single-tenant and single-use.


My question is thus more about the on-disk data: you mention the VM being terminated, is that data wiped too, and does a new VM start on a brand new disk?


Correct yeah, each run starts on a brand new VM with a brand new disk - since these are EC2 instances with EBS volumes for their root disk, the whole instance and the EBS volume are deleted after the job finishes and are not reused.
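An added example, not part of the thread and not Depot's code: a check an operator of a similar single-use pool could run to confirm that no attached EBS volume outlives its instance. It assumes input shaped like `aws ec2 describe-instances` JSON; the sample data and all IDs are constructed.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# All instance and volume IDs are made up.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa", "State": {"Name": "stopped"}, "RootDeviceName": "/dev/sda1",
   "BlockDeviceMappings": [
     {"DeviceName": "/dev/sda1", "Ebs": {"VolumeId": "vol-0a01", "DeleteOnTermination": true}}]},
  {"InstanceId": "i-0bbb", "State": {"Name": "running"}, "RootDeviceName": "/dev/sda1",
   "BlockDeviceMappings": [
     {"DeviceName": "/dev/sda1", "Ebs": {"VolumeId": "vol-0b01", "DeleteOnTermination": true}},
     {"DeviceName": "/dev/sdf", "Ebs": {"VolumeId": "vol-0b02", "DeleteOnTermination": false}}]},
  {"InstanceId": "i-0ccc", "State": {"Name": "stopped"}, "RootDeviceName": "/dev/sda1",
   "BlockDeviceMappings": [
     {"DeviceName": "/dev/sda1", "Ebs": {"VolumeId": "vol-0c01", "DeleteOnTermination": false}}]}
]}]}
""")


def volumes_surviving_termination(describe_output):
    """Return (instance_id, device, volume_id, is_root) for every attached EBS
    volume that would still exist after its instance is terminated."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            root = inst.get("RootDeviceName")
            for mapping in inst.get("BlockDeviceMappings", []):
                ebs = mapping.get("Ebs")
                if ebs is None:
                    continue  # not an EBS-backed device
                # Fail closed: a missing flag is reported as a surviving volume.
                if not ebs.get("DeleteOnTermination", False):
                    findings.append((inst["InstanceId"], mapping["DeviceName"],
                                     ebs["VolumeId"], mapping["DeviceName"] == root))
    return findings


if __name__ == "__main__":
    for instance_id, device, volume_id, is_root in volumes_surviving_termination(SAMPLE):
        kind = "root" if is_root else "data"
        print(f"{instance_id}: {kind} volume {volume_id} on {device} survives termination")
```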


Thanks for the reply



