The cmpute.io platform manages cloud resources for the customer. To do so, the platform requires permissions to perform specific operations on behalf of the customer. This is achieved by creating an AWS IAM Role in the customer account with the following policies attached.

Trust Policy: Who can access the role
Permission Policy: What actions can be performed when someone assumes the role

IAM Role Access

When a new cloud account is attached with cmpute.

Instance Profile

The cmpute.io platform infrastructure is managed according to the standard AWS security recommendations. The compute infrastructure always runs with an attached Instance profile that allows limited access to perform operations. The applications are written to use the Instance profile credentials, which are automatically rotated every hour. The applications do not use any credentials stored in a local store and always use the credentials available as part of the instance security store.

Authentication Credential Access

Customer credentials are stored securely in the cmpute.io data infrastructure. The credentials are hashed to ensure that they cannot be retrieved in their original form. The password is one-way hashed and cannot be decrypted. The hashing implements the password-based key derivation function PBKDF2, using a pseudo-random function based on HMACSHA256. A 128-bit salt is used with a 256-bit subkey, and the hash is generated by iterating 10,000 cycles.
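
The hashing scheme described above, as an added example that is not cmpute.io's own code: it derives and verifies a password hash with PBKDF2 using the stated parameters. The function names and the stored record layout (salt followed by subkey) are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters as stated on the page.
PRF = "sha256"        # PBKDF2 pseudo-random function: HMAC-SHA256
SALT_BYTES = 16       # 128-bit salt
SUBKEY_BYTES = 32     # 256-bit subkey
ITERATIONS = 10_000   # iteration count


def _derive(password: str, salt: bytes) -> bytes:
    """Run PBKDF2-HMAC-SHA256 and return the 256-bit subkey."""
    return hashlib.pbkdf2_hmac(
        PRF, password.encode("utf-8"), salt, ITERATIONS, dklen=SUBKEY_BYTES
    )


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return the record to store: salt || subkey (layout assumed here).

    A fresh random salt is drawn per password unless one is supplied,
    so equal passwords do not produce equal records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be exactly 128 bits")
    return salt + _derive(password, salt)


def verify_password(password: str, record: bytes) -> bool:
    """Recompute the subkey from the stored salt and compare it."""
    if len(record) != SALT_BYTES + SUBKEY_BYTES:
        return False  # malformed or truncated record
    salt, expected = record[:SALT_BYTES], record[SALT_BYTES:]
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(password, salt), expected)


if __name__ == "__main__":
    # Constructed sample password, for demonstration only.
    stored = hash_password("correct horse battery staple")
    print(len(stored), verify_password("correct horse battery staple", stored))
```

Only the salt and the derived subkey are stored, so verification works by re-deriving the subkey from the submitted password rather than by recovering the original.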