Platform Connections
What Does GRAX Use the Platform Connection for?
GRAX uses the access granted to your Cloud Platform to manage your deployment of the GRAX Application. This responsibility includes creation, monitoring, and maintenance of the infrastructure. As GRAX launches new features and cloud platforms release new versions of resources, GRAX will apply necessary infrastructure updates and improvements to bring you the most cost-effective and secure deployment possible.
The specific resources needed by the GRAX Application vary by Cloud Platform and will change over time as those platforms update their offerings and features are added to the GRAX Application. For example resources, you can review our Architecture Documentation; suggestions on account auditing are discussed here.
What are the benefits of GRAX Managed Deployments?
Compare the security profile and total cost of ownership (TCO) of these two options:
- a system configured and updated with machine-to-machine automation
- a system that requires direct access by many people or teams to set up and update
The former requires 0 people in the process, takes 30 minutes for the initial setup, and is automatically updated with security improvements over the entire lifetime of the system.
The latter can take many people weeks in the initial process to set up and weeks again to find the right people to perform security updates. It adds new risks of many people having access and passwords to systems, making configuration mistakes, and delaying security updates.
Multiply this by every additional system you create to back up additional sandbox and production environments and every security update required over the years of maintaining a system; you'll see that the security profile is significantly higher and the TCO is significantly lower by automating everything.
GRAX maintains isolated accounts with cross-account automation for all "GRAX Cloud" environments, and recommends the same exact security best practices and service to self-managed customers.
Do you require Administrator (AWS) or Owner (Azure) permissions?
To create and continually manage deployments, GRAX requests a high level of continual access to cloud providers.
Creating resources and automatically updating them for maintenance, security, and architecture improvements requires a high level of permission. Granting cloud platform managed policies like the Administrator and Owner roles is the most straightforward way to guarantee everything works continually, and it allows GRAX to administer your deployment with minimal manual intervention by your Operations teams.
But all permissions are ultimately in your control. If you no longer wish GRAX to have access to the Cloud account dedicated to the GRAX Application, the associated roles and principals can be destroyed. However, GRAX cannot manage your deployment by providing support, patching, updates, improvements, or monitoring for infrastructure deployed in Cloud environments that we do not have access to or to which access was prevented for an extended period of time, even if access is restored.
If your security policies don't allow cross-account access or require permissions that are not suitable to create and update GRAX resources, self-managed deployments do not require granting any access to GRAX.
What are the security implications of GRAX's cross-account access?
At GRAX, information security is job number one. We have designed security into every layer of our product and system management. Cross-account access, combined with fully automated system setup and updates, provides the best security for all our customers and their sensitive data. GRAX uses the following best security practices:
Isolation starting at the Account Layer
Account isolation eliminates the risk of GRAX systems accessing other systems and data and vice-versa. GRAX requires that you run in an isolated account. Our certified templates provide further isolation at the VPC, EC2, database, and storage layers.
Automation to set up and manage systems
Automation eliminates configuration mistakes on first setup and enables fast delivery of updates for critical security improvements.
Automation removes people from the process; people are prone to make configuration mistakes and can be slow to apply security updates. Configuration mistakes and running outdated components are in the top 10 application security risks.
GRAX utilizes Terraform for the deployment of all infrastructure. The Terraform modules are available on request for review.
Password-less IAM roles
Password-less roles eliminate the risk of leaking credentials, guarantee that only authorized machines have access to systems, and leave an audit trail.
This eliminates static credentials that can leak and need to be rotated. It improves the ability to audit, where any access to your account other than the GRAX role, and any access to your bucket other than the GRAX Instance role, can trigger security review.
How can I audit GRAX's cross-account access?
All cross-account API calls are logged by AWS to CloudTrail. These logs always include the Role ARN and required Role Session Name, both of which include "GRAX". With the cross-account role, anything other than the GRAX role in CloudTrail logs is suspicious.
You can set up CloudWatch alarms for CloudTrail events to filter events and send notifications when anything other than the expected roles access your systems.
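One way to apply the same rule offline to exported CloudTrail records, as an added example that is not GRAX's own code. It assumes each record is already parsed JSON with the standard userIdentity, eventName and eventTime fields; the account ID, role names and session names are constructed, and the case-insensitive "grax" match is an assumption, since the page says only that both names include "GRAX".

```python
# Assumption: the page says only that both names include "GRAX"; match it case-insensitively.
MARKER = "grax"

def parse_assumed_role_arn(arn):
    """Split arn:aws:sts::<account>:assumed-role/<role>/<session> into (role, session)."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "sts":
        return None
    resource = parts[5].split("/")
    if len(resource) != 3 or resource[0] != "assumed-role":
        return None
    return resource[1], resource[2]

def review(record):
    """Return None for the expected GRAX role, otherwise the reason the event needs review."""
    ident = record.get("userIdentity", {})
    if ident.get("type") != "AssumedRole":
        return "principal type %s is not an assumed role" % ident.get("type", "unknown")
    parsed = parse_assumed_role_arn(ident.get("arn", ""))
    if parsed is None:
        return "caller ARN is not an assumed-role ARN"
    role, session = parsed
    # Test role and session separately: a substring match on the whole ARN would pass a lookalike session.
    if MARKER not in role.lower():
        return "role %s is not the GRAX role" % role
    if MARKER not in session.lower():
        return "session name %s does not include GRAX" % session
    return None

def suspicious_events(records):
    """List (eventTime, eventName, reason) for every record that is not the GRAX role."""
    checked = ((rec, review(rec)) for rec in records)
    return [(r.get("eventTime"), r.get("eventName"), why) for r, why in checked if why]

# Constructed sample records (hypothetical account ID, role and session names).
def make_record(time, name, id_type, arn):
    return {"eventTime": time, "eventName": name, "userIdentity": {"type": id_type, "arn": arn}}

STS = "arn:aws:sts::123456789012:assumed-role/"
SAMPLE = [
    make_record("2024-01-01T00:00:00Z", "DescribeInstances", "AssumedRole", STS + "example-grax-role/grax-session"),
    make_record("2024-01-01T00:05:00Z", "GetObject", "AssumedRole", STS + "OtherAdminRole/grax-lookalike"),
    make_record("2024-01-01T00:10:00Z", "ConsoleLogin", "IAMUser", "arn:aws:iam::123456789012:user/example-user"),
    make_record("2024-01-01T00:15:00Z", "DeleteBucket", "AssumedRole", STS + "example-grax-role/adhoc"),
]

if __name__ == "__main__":
    print("\n".join(map(str, suspicious_events(SAMPLE))))
```

Events initiated by AWS services on your behalf carry a different principal type and are flagged too, so expect to triage those separately from human or third-party callers.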
Can I remove GRAX's cross-account access?
GRAX always leaves you in total control. At any time you can remove the cross-account role with the IAM Delete Role operation. Removal of GRAX's access to manage your applications and infrastructure constitutes a termination of GRAX's responsibility to manage, patch, upgrade, and monitor your deployment. If you remove GRAX's access, you are responsible for the security and maintenance of your deployment as well as all future upgrades. GRAX does not guarantee that a deployment can be restored to a managed state after access has been removed for any period of time.
If GRAX discovers that access has been removed, GRAX will notify the applicable application owners repeatedly over a reasonable period, but has no means to restore access independently.