Cloudcraft uses cross-account roles to access your AWS account, which AWS itself considers the secure way to access your AWS environment. Because of this, you must create a secure read-only role in your AWS account that is specific to Cloudcraft and can easily be revoked at any time.
To restrict Cloudcraft's access even further, you can create a stricter minimal access policy that gives read-only access to the components you want to use with Cloudcraft, minimizing the amount of data the Cloudcraft role could theoretically access.
By design, Cloudcraft does not store the data from a live scan of your environment. The generated blueprints only contain the minimal information required for the graphical blueprint representation, as well as ARN identifiers for AWS resources that link the diagram components to the live data at runtime.
The data from your AWS environment is streamed in real time to your browser via Cloudcraft’s own AWS environment using role-based access, and is stored client-side while you are using the application. When you close the application, the live data is removed.
While not having write access to your account prevents Cloudcraft from offering certain features — like deleting an EC2 instance on both the diagram and your account — it is simply a more secure approach.
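Before attaching a stricter minimal access policy to the Cloudcraft role, you can check that it really is read-only. The following is an added example, not Cloudcraft's or Datadog's own code: the function name, the sample policies, and the choice of `Describe`/`Get`/`List` as the read-only verbs are assumptions made for illustration.

```python
# Added example: report IAM policy statements that grant more than read-only access.
# Treating Describe/Get/List as read-only is an assumption of this example.
# Get* can still read data (for example s3:GetObject), so review those separately.
READ_ONLY_VERBS = ("describe", "get", "list")

def _as_list(value):
    # IAM allows Statement and Action to be a single item or a list.
    return value if isinstance(value, list) else [value]

def non_read_only_actions(policy):
    """Return the Allow-ed action patterns that can match non-read calls."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append("NotAction")
            continue
        for action in _as_list(stmt.get("Action", [])):
            service, _, verb = action.partition(":")
            # IAM action names are case-insensitive; "*", "ec2:*" and "ec2:D*"
            # can all expand to write actions, so they are reported.
            if "*" in service or not verb.lower().startswith(READ_ONLY_VERBS):
                findings.append(action)
    return findings

# Constructed sample policies (not Cloudcraft's published policy).
MINIMAL_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:DescribeInstances", "rds:DescribeDBInstances",
               "elasticloadbalancing:DescribeLoadBalancers",
               "s3:ListAllMyBuckets"]}}

LOOSE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "ec2:TerminateInstances", "s3:*"]},
    {"Effect": "Allow", "Resource": "*", "NotAction": "iam:*"},
    {"Effect": "Deny", "Resource": "*", "Action": "ec2:RunInstances"}]}

if __name__ == "__main__":
    for name, doc in (("minimal", MINIMAL_POLICY), ("loose", LOOSE_POLICY)):
        print(name, non_read_only_actions(doc) or "read-only")
```

An empty result means every allowed action starts with a read-only verb; anything reported should be removed or justified before the role is trusted.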
Cloudcraft implements rigorous security processes and controls as part of the SOC2 compliance program. You can read more about Cloudcraft’s security program and controls on the security page.