All integrations
Fly.io
Deployment

Deploy Cerbos on Fly.io

Deploy the Cerbos PDP on Fly.io for low-latency authorization decisions close to your users across multiple regions.

Multi-region

Multi-region

Deploy Cerbos instances close to your users across Fly.io regions for low-latency authorization decisions

Stateless scaling

Stateless scaling

Scale horizontally across regions with no coordination, each instance loads policies independently

Simple deployment

Simple deployment

Define a fly.toml and deploy with a single command using the official Cerbos container image

What is Cerbos?

Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.

Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.

Deploying Cerbos via Fly.io gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.

Policy-as-codeHuman-readable YAML policies managed like source codeScalable PDPStateless policy decision point with sub-millisecond latencyCentralized managementManage, test, and deploy policies from a single control plane

How to deploy Cerbos on Fly.io

  1. Create a fly.toml, Define your Fly.io app configuration referencing the official Cerbos container image and exposing the HTTP and gRPC ports.
  2. Configure policy loading, Set environment variables or mount a config file to point Cerbos at a Git repository or Cerbos Hub for policies.
  3. Deploy, Run fly deploy to launch the Cerbos PDP on Fly.io infrastructure.
  4. Scale to regions, Use fly scale count and fly regions add to place Cerbos instances close to your users.

FAQ

How do I deploy Cerbos on Fly.io?

Create a fly.toml that references the official Cerbos container image, configure your policy source, and run `fly deploy`. Cerbos runs as a stateless service that Fly.io can place in any region.

Can I run Cerbos in multiple Fly.io regions?

Yes. Because Cerbos is stateless, you can scale to multiple regions with `fly scale count`. Each instance loads policies independently from Git or Cerbos Hub.

Does Cerbos require any external dependencies?

No. Cerbos requires no database or message queue. Policies can be loaded from a Git repository or Cerbos Hub, both of which work well with Fly.io deployments.

Learn more about Cerbos

How Cerbos worksCerbos PDPCerbos HubWebinars and ebooksFeatures & use casesSuccess stories

Related integrations

View all integrations →
Amazon EC2
Amazon EC2Standalone binary or container PDP on EC2 with full instance control
Deployment
Amazon ECS
Amazon Elastic Container ServiceStateless PDP container running as an ECS task or Fargate sidecar
Deployment
Amazon EKS
Amazon Elastic Kubernetes ServiceHelm-managed Cerbos on EKS with IRSA and Fargate support
Deployment
Amazon Elastic Beanstalk
Amazon Elastic BeanstalkMulti-container Cerbos sidecar that auto-scales with Beanstalk instances
Deployment
Amazon Lambda
AWS LambdaEmbedded in-process PDP for serverless authorization with no network hop
Deployment
AKS
Azure Kubernetes ServiceCerbos on AKS with workload identity and Helm-based lifecycle management
Deployment

Cerbos + Fly.io

  • Cerbos runs alongside your workloads in Fly.io
  • No external databases or message queues required
  • Built-in metrics, distributed tracing, and structured logging
  • Stateless PDP instances scale horizontally
Book a free policy workshopTry the Playground