Platform Connections
Do you require Administrator (AWS) or Owner (Azure) permissions?
To back up and restore data on demand, GRAX requests a high level of continual access to Salesforce.
Likewise, to create and continually manage deployments, GRAX requests a high level of continual access to cloud providers.
Creating resources, and automatically updating them for maintenance, security, and architecture improvements, requires a high level of permission. Granting cloud platform managed policies like the Administrator and Owner roles is the easiest way to guarantee everything works continually.
But all permissions are ultimately in your control. Permissions are also expected to change and even be completely lost over time.
GRAX uses whatever permissions it has to try to create or update resources, and surfaces any errors encountered when doing so. GRAX proactively reaches out when permission errors are causing a major problem in ongoing operations.
If your security policies don't allow cross account access or require permissions that are not suitable to create and update GRAX resources, self-managed deployments don't require granting any access to GRAX.
What are the benefits of cross account access?
Compare the security profile and total cost of ownership (TCO) of these two options:
- a system configured and updated with machine-to-machine automation
- a system that requires direct access by many people to set up and update
The former requires 0 people in the process, takes 30 minutes for the initial setup, and is automatically updated with security improvements over the entire lifetime of the system.
The latter can take many people weeks in the initial process to set up and weeks again to find the right people to perform security updates. It adds new risks of many people having access and passwords to systems, making configuration mistakes, and delaying security updates.
Multiply this by every additional system you create to back up additional sandbox and production environments, and by every security update required over the years of maintaining a system, and you'll see that automating everything gives a significantly stronger security profile and a significantly lower TCO.
GRAX maintains isolated accounts with cross account automation for all "GRAX Cloud" environments, and recommends the same exact security best practices and service to self-managed customers.
What are the security implications of cross account access?
At GRAX, information security is job number one. We have designed security into every layer of our product and system management. Cross account access, combined with fully automated system setup and updates, provides the best security for all our customers and their sensitive data. GRAX uses the following best security practices:
Isolation starting at the Account Layer
Account isolation eliminates the risk of GRAX systems accessing other systems and data and vice-versa. GRAX requires that you run in an isolated account. Our certified templates provide further isolation at the VPC, EC2, database, and storage layers.
Automation to set up and manage systems
Automation eliminates configuration mistakes on first setup and enables fast delivery of updates for critical security improvements.
Automation removes people from the process; people are prone to make configuration mistakes and can be slow to apply security updates. Configuration mistakes and running outdated components are in the top 10 application security risks.
GRAX utilizes Terraform for the deployment of all infrastructure. The Terraform modules are available on request for review.
Password-less IAM roles
Password-less roles eliminate the risk of leaking credentials, guarantee that only authorized machines have access to systems, and leave an audit trail.
This eliminates static credentials that can leak and need to be rotated. It improves the ability to audit, where any access to your account other than the GRAX role, and any access to your bucket other than the GRAX Instance role, can trigger security review.
How can I audit cross-account access?
All cross account API calls are logged by AWS to CloudTrail. These logs always include the Role ARN and required Role Session Name, both of which include "GRAX". With the cross-account role, anything other than the GRAX role in CloudTrail logs is suspicious.
You can set up CloudWatch alarms for CloudTrail events to filter events and send notifications when anything other than the expected roles access your systems.
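Added example, not GRAX's own code: a small Python check that applies the rule above to CloudTrail records, flagging any caller whose assumed-role ARN lacks "GRAX" in the role name or session name. The account ID, role names, session names and events are constructed, the match is case-insensitive, and skipping AWSService callers is an assumption.

```python
import json

MARKER = "grax"  # page: Role ARN and Role Session Name both include "GRAX"

# Constructed CloudTrail records (account ID, role and session names are made up).
SAMPLE_TRAIL = json.loads("""
{"Records": [
 {"eventTime": "2024-01-01T10:00:00Z", "eventName": "DescribeInstances",
  "userIdentity": {"type": "AssumedRole",
   "arn": "arn:aws:sts::111111111111:assumed-role/grax-cross-account/grax-deploy"}},
 {"eventTime": "2024-01-01T10:05:00Z", "eventName": "GetObject",
  "userIdentity": {"type": "AssumedRole",
   "arn": "arn:aws:sts::111111111111:assumed-role/grax-cross-account/debug"}},
 {"eventTime": "2024-01-01T10:07:00Z", "eventName": "ListBuckets",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"}},
 {"eventTime": "2024-01-01T10:09:00Z", "eventName": "Decrypt",
  "userIdentity": {"type": "AWSService", "invokedBy": "s3.amazonaws.com"}}
]}
""")["Records"]


def classify(record, marker=MARKER):
    """Return None if the caller is expected, else a short reason string."""
    ident = record.get("userIdentity", {})
    kind = ident.get("type", "Unknown")
    if kind == "AWSService":
        return None  # assumption: AWS-internal calls are not treated as principals
    if kind != "AssumedRole":
        return f"non-role principal ({kind})"
    # Resource part of an assumed-role ARN: assumed-role/<role-name>/<session-name>
    parts = ident.get("arn", "").split(":", 5)[-1].split("/")
    if len(parts) != 3 or parts[0] != "assumed-role":
        return "malformed assumed-role ARN"
    _, role, session = parts
    if marker not in role.lower():
        return f"unexpected role {role}"
    if marker not in session.lower():
        return f"unexpected session name {session}"
    return None


def unexpected_access(records):
    """List (eventTime, eventName, reason) for every record that needs review."""
    return [(r["eventTime"], r["eventName"], why)
            for r in records if (why := classify(r)) is not None]


if __name__ == "__main__":
    print(*unexpected_access(SAMPLE_TRAIL), sep="\n")
```

The same classification can drive a notification once the records are read from your trail's log files instead of the embedded sample.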
Can I remove cross-account access?
GRAX always leaves you in total control. At any time you can remove the cross-account role with the IAM Delete Role operation, then put it back as needed. Note that removing the role disables GRAX's ability to automatically push infrastructure security updates.