Platform security at Stackery

Protecting your data is our priority

Stackery is a SaaS platform for designing, developing, and delivering AWS Serverless applications. Stackery wants to help you get the most out of AWS Cloud, and it does not want your data or your credentials.

Stackery is hosted in Amazon Web Services, located in US data centers. Read more about AWS Cloud Security.

  • Stackery encrypts all data in transit.
  • The Stackery service does not use user-based or permanent credentials to access customer AWS accounts.
  • The Stackery CLI does not transmit AWS credentials to the Stackery service or any other third-party service.
  • Stackery does not have the ability to extend its own functionality within customer AWS accounts.
  • Stackery stores almost all customer data within the customer’s AWS account.

Your data stays inside your own systems

Stackery works hard to integrate with your version control provider and AWS accounts to provide a broad management platform while ensuring your business data stays within your accounts.

Stackery only stores referential records and certain authentication tokens within its own data stores. All other customer data is kept inside the customer’s cloud service account, remains the property of the customer, and will remain even if the Stackery service is terminated.

For example, within its own systems, Stackery stores:

  • Stackery account data, including email addresses and names of users, and references to their cloud service accounts
  • Authentication data for Stackery to integrate with third-party services (e.g. GitHub)
  • Stackery resource data, such as reference records for Stacks, Environments, and Deployments
  • Data about our customers’ usage of Stackery itself

Stackery also accesses and processes data from customer cloud service accounts linked to Stackery. Stackery may generate and/or cause the cloud service provider to generate additional data within the customer’s cloud service account, such as log and trace data. Data residing in customer cloud service accounts is only accessed and processed in transit as customers use the Stackery service. Generally, data residing within customer cloud service accounts remains the property of the customer, whether generated by Stackery or not.

Your AWS credentials stay yours

Stackery follows AWS best practices when integrating with your AWS account to help you deliver your serverless applications.

Specifically, finely scoped AWS IAM Roles are used for individual tasks that aid in your management of application infrastructure. Stackery assumes these roles as needed, using external IDs, which grants Stackery temporary security credentials in IAM. Stackery does not have access to and cannot create long-lived credentials in your AWS account.
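One way a customer could verify the external-ID property of such roles on their own side, as an added example that is not Stackery's code: a Python audit of an IAM role trust policy that flags cross-account `sts:AssumeRole` grants lacking an `sts:ExternalId` condition. The account IDs, role name and external ID below are constructed placeholders.

```python
OWN = "111111111111"     # constructed: the customer's own account ID
VENDOR = "222222222222"  # constructed: placeholder for the integrating service's account

SAMPLE = {  # constructed trust policy with one good and one weak cross-account grant
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": f"arn:aws:iam::{VENDOR}:root"},
         "Action": "sts:AssumeRole",
         "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}},
        {"Effect": "Allow", "Principal": {"AWS": [f"arn:aws:iam::{VENDOR}:role/deployer"]},
         "Action": ["sts:AssumeRole"]},
        {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
         "Action": "sts:AssumeRole"},
    ],
}

def _as_list(value):
    """IAM accepts either a single value or a list in Statement, Action and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Return the account ID from a bare 12-digit ID or an ARN, else None."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def audit_trust_policy(policy, own_account):
    """Return (statement index, principal, reason) for each risky AssumeRole grant."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        # Condition key names are not case-sensitive, so compare them lowercased.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        has_ext_id = any(k.lower() == "sts:externalid" and v for k, v in equals.items())
        for p in aws:
            if p == "*":
                findings.append((i, p, "wildcard principal"))
            elif _account_of(p) != own_account and not has_ext_id:
                findings.append((i, p, "cross-account trust without sts:ExternalId"))
    return findings

if __name__ == "__main__":
    for finding in audit_trust_policy(SAMPLE, OWN):
        print(finding)
```

Service principals such as `lambda.amazonaws.com` are skipped because external IDs apply only to assumption by another AWS account.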

When Stackery assumes an IAM Role, a session name and other metadata, such as the triggering username, are provided as an audit trail within your AWS accounts' CloudTrail log.

You can learn more about the IAM Roles and the other resources deployed when you integrate an AWS account with Stackery in our docs.

From time to time, the linkage between Stackery and the customer’s cloud service provider accounts must be updated to enable new features. Stackery provides a mechanism for customers to review account linkage updates and perform updates within the customer’s cloud service provider accounts. Stackery does not have capabilities or permissions to unilaterally update its linkage with customer accounts.

© 2022 Stackery. All rights reserved.