
In order for API Inspect to deliver its continuous discovery service on Amazon Web Services (AWS) environments, Data Theorem strictly follows Amazon's guidance. The following is a detailed overview of how AWS provides read-only access to third parties for auditing and monitoring.

Using the least privilege model, Data Theorem only requires access to the following read-only AWS policies and role:

  • Read-only access to API Gateway, e.g. "Action": ["apigateway:GET"]
  • Permission to Amazon's SecurityAudit role
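As an added example (not Data Theorem's or AWS's own code), the following Python builds the cross-account role that carries exactly the two grants listed above and checks that the inline policy stays read-only. The account ID, role name and ExternalId are constructed placeholders; the ExternalId condition is an assumption beyond this page, being AWS's standard recommendation for roles assumed by a third party.

```python
import json

# Constructed placeholders: replace with the real auditor account ID, the role
# name of your choice and a randomly generated ExternalId shared out of band.
THIRD_PARTY_ACCOUNT = "222222222222"
EXTERNAL_ID = "example-external-id"
ROLE_NAME = "DataTheoremApiInspect"
SECURITY_AUDIT_ARN = "arn:aws:iam::aws:policy/SecurityAudit"  # AWS managed policy
# Inline policy carrying the single extra permission the page lists.
API_GATEWAY_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["apigateway:GET"], "Resource": "*"}],
}

def trust_policy(third_party_account, external_id):
    """Only the third party's account may assume the role, and only when it
    presents the agreed ExternalId (AWS's confused-deputy safeguard)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{third_party_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def non_read_only_actions(policy):
    """Return every Allow action that is not clearly read-only (a wildcard, or a
    verb other than Get/List/Describe). An empty list means least privilege holds."""
    flagged = []
    for stmt in (s for s in policy["Statement"] if s.get("Effect") == "Allow"):
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        for action in actions:
            verb = action.partition(":")[2].lower()
            if "*" in action or not verb.startswith(("get", "list", "describe")):
                flagged.append(action)
    return flagged

def setup_commands(role_name=ROLE_NAME):
    """The aws CLI calls an administrator would run, returned as strings (not executed)."""
    trust = json.dumps(trust_policy(THIRD_PARTY_ACCOUNT, EXTERNAL_ID))
    inline = json.dumps(API_GATEWAY_READ_POLICY)
    return [
        f"aws iam create-role --role-name {role_name} --assume-role-policy-document '{trust}'",
        f"aws iam attach-role-policy --role-name {role_name} --policy-arn {SECURITY_AUDIT_ARN}",
        f"aws iam put-role-policy --role-name {role_name} --policy-name ApiGatewayReadOnly "
        f"--policy-document '{inline}'",
    ]
```

Run `non_read_only_actions` against any inline policy before attaching it to the role; anything it returns is a grant beyond what this page requires.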

The following describes the SecurityAudit role policy maintained and supplied by Amazon:

AWS managed policy name: SecurityAudit

Use case: This user monitors accounts for compliance with security requirements. This user can access logs and events to investigate potential security breaches or potential malicious activity.

Policy description: This policy grants permissions to view configuration data for many AWS services and to review their logs.

As a leading application security company protecting some of the largest and most valued companies in the world, Data Theorem maintains strict procedures that are audited by independent third parties to ensure our customers’ privacy and data are kept confidential.

From an AWS administration standpoint, customers can monitor Data Theorem's activities within AWS by enabling CloudTrail logging. CloudTrail is an AWS service that captures a log of all API calls made in a given AWS account and its services. Using CloudTrail, customers can monitor activity and conduct post-incident forensic investigations with an audit trail of all actions across their infrastructure. All CloudTrail log files are stored in a dedicated S3 bucket.

To obtain additional details on the access-level privileges of the SecurityAudit role (e.g. version 26 of the policy is the latest default), please refer to the following link from AWS:

In summary, here are some important points to keep in mind:

  1. The SecurityAudit role policy is a managed policy maintained and supplied by Amazon, and it should evolve and improve as additional services are created within AWS.
  2. The SecurityAudit role policy is Amazon’s recommended approach for allowing read-only access to third parties for security monitoring.
  3. Data Theorem activities within AWS are logged via CloudTrail for tracking and auditing purposes, if needed.
  4. Data Theorem designs its software to avoid accessing any data stored within its customer databases and file systems by default.
  5. Data Theorem security practices are frequently audited by independent third parties to ensure our customers’ privacy and data are kept confidential.