Security in Idealstack

 

It's worth delineating what level of access the Idealstack system has:

• Idealstack is a piece of software that connects to your AWS account through API's, particularly AWS cloudformation, to deploy your code
• Idealstack is providing the software images for the hosting containers, and also the configuration script for the server instances

What we don't have:

• Direct access, eg via SSH, to your systems.  
• The ability to see or modify your code
• The ability to see or modify your databases and other data storage
• Idealstack deploys the AWS ECS-Optimised AMI without any modifications as it's base, so there's no opportunity for us to install 'root kits' or other low-level "hidden" compromises of the system

The main way you can have confidence in what our system does is that it does it transparently 

• Firstly, because AWS operates through AWS Cloudformation, by viewing the cloudformation template you can see exactly what is being done 
• You can also record and audit any of Idealstack's usage of AWS API's using https://aws.amazon.com/cloudtrail/ (to identifiy if, for example, someone took the AWS key and did something else with it )
• You can audit the hosting containers and server instance configurations because they are all running on your servers and you have full root-level access to them. 

And of course we take security pretty seriously in our own development process:

• Critical information like your AWS access keys are stored encrypted using AWS KMS 
• One of the main features of Idealstack is that we're handling security issues like OS Updates, AWS security rules etc in a better 'best practice' way than might be feasible for your own team to manage.