Deploy Cerbos on Fly.io
Deploy the Cerbos PDP on Fly.io for low-latency authorization decisions close to your users across multiple regions.
Multi-region
Deploy Cerbos instances close to your users across Fly.io regions for low-latency authorization decisions
Stateless scaling
Scale horizontally across regions with no coordination, each instance loads policies independently
Simple deployment
Define a fly.toml and deploy with a single command using the official Cerbos container image
What is Cerbos?
Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.
Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.
Deploying Cerbos via Fly.io gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.
How to deploy Cerbos on Fly.io
- Create a fly.toml, Define your Fly.io app configuration referencing the official Cerbos container image and exposing the HTTP and gRPC ports.
- Configure policy loading, Set environment variables or mount a config file to point Cerbos at a Git repository or Cerbos Hub for policies.
- Deploy, Run
fly deployto launch the Cerbos PDP on Fly.io infrastructure. - Scale to regions, Use
fly scale countandfly regions addto place Cerbos instances close to your users.
FAQ
How do I deploy Cerbos on Fly.io?
Create a fly.toml that references the official Cerbos container image, configure your policy source, and run `fly deploy`. Cerbos runs as a stateless service that Fly.io can place in any region.
Can I run Cerbos in multiple Fly.io regions?
Yes. Because Cerbos is stateless, you can scale to multiple regions with `fly scale count`. Each instance loads policies independently from Git or Cerbos Hub.
Does Cerbos require any external dependencies?
No. Cerbos requires no database or message queue. Policies can be loaded from a Git repository or Cerbos Hub, both of which work well with Fly.io deployments.
Learn more about Cerbos
Related integrations
View all integrations →
Cerbos + Fly.io
- Cerbos runs alongside your workloads in Fly.io
- No external databases or message queues required
- Built-in metrics, distributed tracing, and structured logging
- Stateless PDP instances scale horizontally
Authorization for AI systems
By industry
By business requirement
Useful links
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.