Security

Last updated 1 year ago

(O) Open source by design

The entire container code is open sourced under an Apache 2.0 license, and is viewable/auditable at any time.

(1) No sensitive data on your cloud posture ever leaves your existing tool set.

  • The cloud-concierge container is self-hosted for all executions

  • After container execution, cloud posture and codification results are exposed through a pull request within your existing VCS

(2) cloud-concierge only requires read-only permissions for your cloud environment.

When creating the roles that cloud-concierge uses for the requisite cloud scanning, grant only read-only permissions. If cloud-concierge accesses state files from a storage bucket, the credentials should have read access to only that storage bucket.
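
As an added example (not cloud-concierge's own code), here is one way to check an AWS IAM policy document against both rules above before attaching it to the scanning role. The read-only prefix list, the two sample policies and the bucket name `example-tf-state` are assumptions constructed for illustration; the check covers S3 object reads only, not bucket listing.

```python
import fnmatch

# Assumption: action-name prefixes this check accepts as read-only.
READ_PREFIXES = ("Get", "List", "Describe")
# S3 actions that return object contents (for example Terraform state files).
OBJECT_READS = ("GetObject", "GetObjectVersion")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, state_bucket):
    """Return one finding per Allow entry that breaks either rule."""
    bucket_arn = f"arn:aws:s3:::{state_bucket}"
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows every action except those listed
            findings.append(f"statement {idx}: NotAction is not read-only")
            continue
        for action in _as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if not name.startswith(READ_PREFIXES):
                # Also catches "*", "s3:*" and mutating verbs (fails closed).
                findings.append(f"statement {idx}: {action} is not read-only")
            elif service == "s3" and any(
                    fnmatch.fnmatchcase(t, name) for t in OBJECT_READS):
                # Object reads must stay inside the state bucket.
                for res in _as_list(stmt.get("Resource", "*")):
                    if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                        findings.append(
                            f"statement {idx}: {action} reads outside "
                            f"{state_bucket} ({res})")
    return findings

# Constructed sample policies; the bucket name is a placeholder.
STATE_BUCKET = "example-tf-state"
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "iam:List*", "iam:Get*"],
     "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-tf-state",
                  "arn:aws:s3:::example-tf-state/*"]}]}
TOO_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:Get*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:TerminateInstances"],
     "Resource": "*"}]}

if __name__ == "__main__":
    for finding in audit_policy(TOO_BROAD, STATE_BUCKET):
        print(finding)
```

The prefix test is a heuristic: it rejects anything it cannot recognise as read-only, so a lowercase or unusual action name is reported rather than silently accepted.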

(3) Changes are recommended via Pull Request, never made directly.

The cloud-concierge container will never directly make changes to your Terraform code base. It will (via a GitHub App) only open a Pull Request in your VCS containing recommended changes and import blocks/import statements.

  • Like all other code, your developers have final sign-off and approval on whether to merge the suggestions.

  • Comments, discussions and changes to the original cloud-concierge suggestions are all recorded within your VCS.

  • All Terraform workflows are run by your existing setup, be it open-source or built on a managed offering like Terraform Cloud.
