Security & Privacy

We never store your AWS data or credentials. All processing occurs in-memory, and results are stored exclusively in your AWS account with industry-leading security.

SOC 2 Type II Compliant

Security Architecture

Ephemeral Credentials

Short-lived credentials exist only in memory and are automatically destroyed after expiration or session closure.

  • 1-hour max lifetime and encrypted in-memory storage
  • Automatic destruction on session end
  • Never persisted to databases

Read-Only by Default

All tools operate with read-only permissions unless write access is explicitly required.

  • Minimal required permissions
  • Principle of least privilege
  • Clear permission documentation

MFA for Write Operations

Any operation that modifies your AWS resources requires multi-factor authentication.

  • TOTP-based authentication
  • Backup codes available
  • Session-based MFA verification

Cross-Account Role Assumption

Secure access to your AWS account through IAM roles, not access keys.

  • External ID validation
  • Role-based access control
  • No direct credential sharing

Your Data Never Leaves Your Control

Zero Data Retention

We never store your AWS data. All processing occurs in-memory and results are stored exclusively in your AWS account.

  • No persistent data storage on our servers
  • In-memory processing only
  • Automatic data purging after processing
  • All reports stored in your S3/DynamoDB

Ephemeral Credentials

Temporary credentials are encrypted in-memory and automatically destroyed after use or session expiration.

  • TLS 1.3 encrypted in transit
  • AES-256 encrypted in memory
  • Automatic destruction after 1 hour
  • Never persisted to disk

Client-Side Storage

All generated reports and configurations are stored in your AWS account, never in our infrastructure.

  • Reports saved to your S3 buckets
  • Configurations stored in your DynamoDB
  • Metadata pointers only in our systems
  • You maintain full data ownership

Compliance & Certifications

  • SOC 2 Type II (Compliant): Audited security controls for service organizations
  • ISO 27001 (In Progress): International standard for information security management
  • GDPR (Compliant): European data protection and privacy regulation
  • CCPA (Compliant): California Consumer Privacy Act compliance

Security Best Practices

Our commitment to maintaining the highest security standards

Data & Credential Security

  • Ephemeral in-memory credentials with auto-destruction
  • Zero persistent storage of sensitive data
  • Client-owned storage for all reports and configurations
  • End-to-end encryption for data in transit and at rest
  • Automatic purging of processed data

Infrastructure & Application Security

  • AWS-hosted with network segmentation
  • DDoS protection and regular security assessments
  • Secure coding practices with dependency scanning
  • Automated security monitoring and alerts
  • Process isolation and least privilege access

Incident Response

How we handle security incidents and keep you informed

Detection

24/7 monitoring and automated alerting systems

Response

Immediate containment and mitigation procedures

Communication

Transparent communication with affected users

Security Questions?

Our security team is here to answer any questions about our security practices, compliance, or how we protect your data.

security@awsdevtools.com