In this page you will find more details on unusd security and how we handle data.
🧙 Hub and Spoke model
unusd.cloud is using the Hub and Spoke model with an AWS IAM Role on each of your AWS accounts to be able to call a few describe and list (read-only) AWS API to track your unusd resources and spending information.
The AWS IAM Role uses an ExternalId which is unique by customer, so we get rid of the confused deputy problem.
👀 Read-only permissions
You will find below the read-only actions allowed on the unusd.cloud AWS IAM Role:
Updated on 2022-07-14
💾 Data storage
We do not persist information related to your AWS account or any confidential AWS information. we only store unusd.cloud meta data configuration items:
- AWS AccountIDs
- Email configuration settings
- Webhooks (Slack / Microsoft Teams) URLs
- Prefered scan schedule
🔒 Encryption
We are using TLS encryption at-rest and in-transit.