Possible to force geographic location for worker / workflow invocation?
I notice in a workflow that's being executed via
cron that it's being invoked in datacenters in Poland or Singapore. This poses a problem as I have a restriction at the domain level that contains my workers to reject all traffic from outside the US (this is a US-specific application / integration). What this means is that if my workflow is invoked and run on a non-US datacenter and proxies a fetch request to another worker on my domain, those requests are being rejected since the workflow worker is being invoked by Cloudflare's cron from outside the US.
I have mitigated this by adding a header to these requests and creating another security rule to allow these requests through if they contain the header but it feels... janky.
Instead, is it possible to force invocation of a specific domain's workers (or do this on the worker itself) only use US datacenters?6 Replies
Cloudflare Docs
Data Localization Suite
The Data Localization Suite (DLS) is a collection of tools that enable customers to choose the location where Cloudflare inspects and stores data, while maintaining the security and performance benefits of our global network.
@HardlyWorkin' seems to be Enterprise-only?
Someone else recommended having a DO using https://developers.cloudflare.com/durable-objects/reference/data-location/ invoke the workflow instead. Would this be the non-Enterprise solution?
Cloudflare Docs
Data location
Jurisdictions are used to create Durable Objects that only run and store data within a region to comply with local regulations such as the GDPR or FedRAMP.
I don’t think invoking a Workflow from a given place guarantees that the Workflow instance will spawn there
What determines where a Workflow is executed? What I can see is that if I execute the Workflow by triggering it from the Cloudflare web dashboard, it executes near my location (and I don't experience the issue) but if it's executed via cron, it's always coming from Poland or Singapore. This leads me to believe there's something related to invocation source that impacts this?
Hm, maybe you can try with a DO then?
I’m not entirely sure what causes placement in a given location
Just that I don’t think Workflows gives you explicit control over it