CLOUD TEAM Security Guidelines

1. We need access only to metadata, i.e. cost, names, tags, configuration, and performance metrics for your resources.

2. We do not need access to read the data itself, i.e. we cannot log in to VMs or read the objects inside storage accounts / S3 buckets.

3. Two types of access:

a. Applicative user: for our automation platform (cloudhiro) to log in. On Azure this is a service principal; on AWS, a role.

b. Standard users: for our DevOps/FinOps to log in to your portal.

4. At the beginning, we will need read-only access to this metadata. If you would like us to change, add, or delete anything, we will need more permissions, for example to tag all resources, to create policies, etc.

5. We are not handling or storing any PII (Personally Identifiable Information).
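
A customer-side check for points 2 and 4 on AWS, as an added example that is not part of the original guidelines: it scans the IAM policy attached to the vendor role for Allow statements that reach data-plane actions. The function names, the action list and the sample policy are assumptions constructed for this illustration.

```python
from fnmatch import fnmatchcase

# Assumed, non-exhaustive list of AWS data-plane actions that would let a
# principal read stored data or get onto a VM (what point 2 rules out).
DATA_PLANE_ACTIONS = [
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject",
    "ssm:StartSession", "ssm:SendCommand",
    "ec2-instance-connect:SendSSHPublicKey",
    "secretsmanager:GetSecretValue",
]

def _as_list(value):
    """IAM allows a single string or a list for Statement/Action fields."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def _matches(action, patterns):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return [p for p in patterns if fnmatchcase(action.lower(), p.lower())]

def find_data_plane_grants(policy):
    """Return (sid, granting pattern, data-plane action) for every Allow.
    Deny statements and conditions are ignored, so this over-reports."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        excluded = _as_list(stmt.get("NotAction"))
        for action in DATA_PLANE_ACTIONS:
            if "NotAction" in stmt:
                # Allow + NotAction grants everything that is not listed.
                if not _matches(action, excluded):
                    findings.append((sid, "NotAction", action))
            for pattern in _matches(action, _as_list(stmt.get("Action"))):
                findings.append((sid, pattern, action))
    return findings

# Constructed sample policy for the vendor role (not from the page).
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadMetadata", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "ce:GetCostAndUsage", "tag:GetResources",
                "cloudwatch:GetMetricData", "s3:GetBucketTagging"]},
    {"Sid": "TooBroadS3", "Effect": "Allow", "Resource": "*", "Action": "s3:Get*"},
    {"Sid": "TooBroadSsm", "Effect": "Allow", "Resource": "*", "Action": ["ssm:*"]},
]}

if __name__ == "__main__":
    for sid, pattern, action in find_data_plane_grants(SAMPLE_POLICY):
        print(f"{sid}: {pattern} allows {action}")
```

An empty result for the read-only role is the expected outcome; any finding is a statement to narrow before the role is handed over.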