🔒 Security
The security measures employed by unusd.cloud and our data handling practices are detailed in this page.
🧙 Hub and Spoke model
Our AWS IAM Role on each of your AWS accounts utilizes the Hub and Spoke model in order to track your unutilized resources and spending information through a few read-only AWS API calls.
The ExternalId
or CustomerID
employed by the AWS IAM Role is unique to each customer, effectively eliminating the confused deputy problem.
👀 Read-Only Permissions
Our AWS IAM Role is limited to read only actions which are listed below:
💾 Data storage
We do not persist any confidential AWS information. Only meta data configuration items are stored:
- AWS AccountIDs
- Email settings
- Webhooks (Slack / Microsoft Teams) URLs
- Prefered scan schedule
- History of potential savings and wasted resources (Reports)
🔒 Encryption Everywhere
TLS encryption is employed both at-rest
and in-transit
.