Overview
You have connected your AWS accounts to CloudFix and want to know the data that is stored and transmitted by CloudFix.
Information
The CloudFix Finder IAM role collects two types of data:
- Cost & Usage Reports are read by CloudFix in order to analyze costs and create savings estimates.
- CloudWatch metrics are used to collect usage data. You can see the APIs called by CloudFix using CloudTrail.
- The CloudTrail entries are annotated with a CloudFix role, identifying them as CloudFix-originated access. Where relevant, the logs will identify the originating user.
CloudFix does not have permission to read actual user data. Eg: CloudFix can read metrics about your AWS bucket to see how much they cost but it cannot access any of the data in the bucket.
The CloudFix Permission Model article provides information on how these strict permission boundaries are maintained and hence, allows you control of what CloudFix Fixers can do.