Retool-managed deployment ownership and responsibilities
Information about the ownership and responsibilities for Retool-managed, self-hosted deployments.
Retool-managed, self-hosted deployments are available for invoiced customers. Contact your Retool account manager to learn more.
Retool-managed, self-hosted deployments operate using a shared responsibility model. This governs whether Retool, the customer, or both are responsible for implementing or maintaining each part of the deployment.
Shared responsibility covers the infrastructure and management of the deployment:
- Infrastructure: Shared responibilities for each service of the deployment.
- Management: Shared responibilities for managing and maintaining each aspect of the deployment.
Infrastructure responsibilities
| Resource | Owner | Layer |
|---|---|---|
| CloudFormation stack | Customer | Support |
| Secrets and environment variables | Customer | Support |
| DNS and private network configuration | Customer | Support |
| IAM roles and policies | Retool | Support |
| VPC | Retool | Support |
| EKS cluster and pods | Retool | Services |
| RDS PostgreSQL database (main) | Retool | Services |
| Application Load Balancer (ALB) | Retool | Services |
| Certificate renewal with AWS Certificate Manager (ACM) | Retool | Services |
| Route53 DNS zones and records | Retool | Services |
| Amazon RDS PostgreSQL database for Retool Database (optional) | Retool | Services |
| Amazon S3 bucket for Retool Storage (optional) | Retool | Services |
| ElastiCache Redis instance for Retool RPC (optional) | Retool | Services |
Management responsibilities
| Responsibility | Owner | Description |
|---|---|---|
| Deployment updates and upgrades | Retool | Perform security updates and scheduled release upgrades of self-hosted Retool. |
| Deployment health | Retool | Monitor the health of the instance. |
| Scaling | Retool | Scale backend resources, such as CPU, memory and storage. |
| Enable optional features | Retool | Configure optional Retool features, such as Retool Database. |
| Supported configuration changes | Both | Configure changes and, if necessary, create necessary data stores. |
| Migrations | Both | Migrate an existing Retool deployment. Migration options are dependent on each situation. Contact your Retool account manager to discuss. |
| Software observability | Customer | Monitoring, testing, and maintenance of user-built Retool software, such as apps and workflows. |
| AWS account management | Customer | Manage ownership and costs related to the AWS account. |
| User management | Customer | Manage Retool users who use and build software. |
| Secrets and environment variable handling | Customer | Securely handle and store secrets and environment variables, such as encryption keys. |
| Data sources (resources) | Customer | Connect your data sources for use in Retool software. |
| SSO | Customer | Configure single-sign on to authenticate users in your organization. |
| Restrict access to VPC resources | Customer | Prevent changes being made to VPC resources, such as the Amazon EKS cluster, used for the Retool instance. |
| Custom configuration options | Customer | Configure and maintain any custom configuration options, such as VPN access or PrivateLink. |