Security in Idealstack


It's worth delineating what level of access the Idealstack system has:

  • Idealstack is a piece of software that connects to your AWS account through API's, particularly AWS cloudformation, to deploy your code
  • Idealstack is providing the software images for the hosting containers, and also the configuration script for the server instances

What we don't have:

  • Direct access, eg via SSH, to your systems.  
  • The ability to see or modify your code
  • The ability to see or modify your databases and other data storage
  • Idealstack deploys the AWS ECS-Optimised AMI without any modifications as it's base, so there's no opportunity for us to install 'root kits' or other low-level "hidden" compromises of the system

The main way you can have confidence in what our system does is that it does it transparently 

  • Firstly, because AWS operates through AWS Cloudformation, by viewing the cloudformation template you can see exactly what is being done 
  • You can also record and audit any of Idealstack's usage of AWS API's using (to identifiy if, for example, someone took the AWS key and did something else with it )
  • You can audit the hosting containers and server instance configurations because they are all running on your servers and you have full root-level access to them. 

And of course we take security pretty seriously in our own development process:

  • Critical information like your AWS access keys are stored encrypted using AWS KMS 
  • One of the main features of Idealstack is that we're handling security issues like OS Updates, AWS security rules etc in a better 'best practice' way than might be feasible for your own team to manage.