Security

SteadyBricks is an infrastructure tool that requires access to your cloud provider, so we understand you may have questions about our processes and procedures. Our team has a background in fintech and financial services, and we apply the best practices learned in those industries to handle security as well as it can be. In addition, we use SteadyBricks for our own infrastructure, which aligns our security concerns more closely with those of our customers.

Cross Account IAM Roles

SteadyBricks uses Cross Account IAM Roles to sync information about your infrastructure resources. This means we don't store sensitive information such as account access keys and access key secrets in order for you to use SteadyBricks. This method is the AWS recommended approach and is described in depth in the AWS documentation. When you grant SteadyBricks access to your AWS account by running the provided CloudFormation script, the script creates a cross-account role with inline policies selected by SteadyBricks. If you have any other questions, please feel free to email us at support@steadybricks.com.

List of permissions we require through our IAM role

ec2:DescribeInstances
ec2:DescribeNetworkInterfaces
ecs:DescribeClusters
ecs:DescribeService
ecs:DescribeTasks
ecs:ListClusters
ecs:ListTasks
eks:DescribeCluster
eks:DescribeNodegroup
eks:ListClusters
eks:ListFargateProfiles
eks:ListNodegroups
elasticloadbalancing:DescribeLoadBalancers
elasticloadbalancing:DescribeTags
elasticloadbalancing:DescribeTargetGroups
elasticloadbalancing:DescribeTargetHealth
rds:DescribeDBClusters
rds:DescribeDBInstances
ec2:StartInstances
ec2:StopInstances
ecs:UpdateService
eks:UpdateNodegroupConfig
rds:StartDBCluster
rds:StartDBInstance
rds:StopDBCluster
rds:StopDBInstance
aws-portal:View*
budgets:Describe*
budgets:View*
ce:Describe*
ce:Get*
ce:List*
cur:Describe*
organizations:Describe*
organizations:List*
pricing:*
savingsplans:Describe*
cloudwatch:DeleteAlarms
cloudwatch:DescribeAlarmHistory
cloudwatch:DescribeAlarms
cloudwatch:DescribeAlarmsForMetric
cloudwatch:GetMetricData
cloudwatch:GetMetricStatistics
cloudwatch:GetMetricStream
cloudwatch:ListMetricStreams
cloudwatch:ListMetrics
cloudwatch:PutMetricAlarm
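
A way to review this list before running the CloudFormation script, as an added example (not SteadyBricks code): it splits the actions above into read-only, state-changing and full-service wildcard entries, grouped by service. The read/write split is a verb-prefix heuristic assumed here, not an AWS classification.

```python
from collections import defaultdict

# Actions copied verbatim from the permission list on this page.
ACTIONS = """
ec2:DescribeInstances ec2:DescribeNetworkInterfaces ecs:DescribeClusters
ecs:DescribeService ecs:DescribeTasks ecs:ListClusters ecs:ListTasks
eks:DescribeCluster eks:DescribeNodegroup eks:ListClusters
eks:ListFargateProfiles eks:ListNodegroups
elasticloadbalancing:DescribeLoadBalancers elasticloadbalancing:DescribeTags
elasticloadbalancing:DescribeTargetGroups
elasticloadbalancing:DescribeTargetHealth rds:DescribeDBClusters
rds:DescribeDBInstances ec2:StartInstances ec2:StopInstances
ecs:UpdateService eks:UpdateNodegroupConfig rds:StartDBCluster
rds:StartDBInstance rds:StopDBCluster rds:StopDBInstance aws-portal:View*
budgets:Describe* budgets:View* ce:Describe* ce:Get* ce:List* cur:Describe*
organizations:Describe* organizations:List* pricing:* savingsplans:Describe*
cloudwatch:DeleteAlarms cloudwatch:DescribeAlarmHistory
cloudwatch:DescribeAlarms cloudwatch:DescribeAlarmsForMetric
cloudwatch:GetMetricData cloudwatch:GetMetricStatistics
cloudwatch:GetMetricStream cloudwatch:ListMetricStreams
cloudwatch:ListMetrics cloudwatch:PutMetricAlarm
""".split()

# Assumption: verb prefixes that indicate a read-only action (a naming
# heuristic for review, not an AWS-published classification).
READ_PREFIXES = ("Describe", "List", "Get", "View")

def classify(action):
    """Return 'read', 'write' or 'wildcard-all' for one 'service:Action'."""
    name = action.split(":", 1)[1]
    if name == "*":
        return "wildcard-all"  # every action in the service, current and future
    return "read" if name.startswith(READ_PREFIXES) else "write"

def audit(actions):
    """Group actions as {classification: {service: [actions]}}."""
    report = defaultdict(lambda: defaultdict(list))
    for action in actions:
        report[classify(action)][action.split(":", 1)[0]].append(action)
    return report

def summary(actions):
    """Count actions per classification."""
    return {kind: sum(len(v) for v in services.values())
            for kind, services in audit(actions).items()}

if __name__ == "__main__":
    report = audit(ACTIONS)
    print(summary(ACTIONS))
    for kind in ("write", "wildcard-all"):  # the entries worth a closer look
        for service, items in sorted(report[kind].items()):
            print(f"{kind:12} {service:12} {', '.join(items)}")
```

The same functions can be pointed at the action list extracted from the role's inline policy after deployment, to confirm that what was created matches what is documented here.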