You want to know the scope of what CloudFix can perform in your AWS environment and the permissions required for it.
- CloudFix integrates into your existing security infrastructure, using Identity Access Management (IAM) roles in AWS. Below is the information related to the same:
- IAM roles have administrative permissions that you can see here in our IAM policy. This policy defines what the IAM role can and cannot do within your environment.
- CloudFix installs two IAM roles - one for our Finder and one for our Fixer. IAM roles are similar to IAM user accounts that you may already use.
- IAM roles do not have any long-term credentials, passwords, or access keys. or permissions. Instead, access keys are created dynamically and provided to the role temporarily
- You can look at the Billing and Resource templates that CloudFix uses to create the AWS Stack. These templates define what that Stack is permitted to do within the AWS environment. The templates are available here: