Security in Idealstack
It's worth delineating what level of access the Idealstack system has:
- Idealstack is a piece of software that connects to your AWS account through API's, particularly AWS cloudformation, to deploy your code
- Idealstack is providing the software images for the hosting containers, and also the configuration script for the server instances
What we don't have:
- Direct access, eg via SSH, to your systems.
- The ability to see or modify your code
- The ability to see or modify your databases and other data storage
- Idealstack deploys the AWS ECS-Optimised AMI without any modifications as it's base, so there's no opportunity for us to install 'root kits' or other low-level "hidden" compromises of the system
The main way you can have confidence in what our system does is that it does it transparently
- Firstly, because AWS operates through AWS Cloudformation, by viewing the cloudformation template you can see exactly what is being done
- You can also record and audit any of Idealstack's usage of AWS API's using https://aws.amazon.com/cloudtrail/ (to identifiy if, for example, someone took the AWS key and did something else with it )
- You can audit the hosting containers and server instance configurations because they are all running on your servers and you have full root-level access to them.
And of course we take security pretty seriously in our own development process:
- Critical information like your AWS access keys are stored encrypted using AWS KMS
- One of the main features of Idealstack is that we're handling security issues like OS Updates, AWS security rules etc in a better 'best practice' way than might be feasible for your own team to manage.