Read-Only Billing Access
Vantage uses read-only service accounts, service roles, API keys, and other read-only means to access billing data across all the integrations we use. This means we don’t store sensitive information, like account access keys and access key secrets, to use Vantage. Should you have any other questions, please feel free to email us at security@vantage.sh.Cross-Account IAM Roles on AWS
Vantage uses a Cross-Account IAM Role to sync information about your infrastructure resources. This method is the AWS-recommended approach. When you grant Vantage access to your account by running the provided CloudFormation stack, the stack creates a cross-account role with in-line policies selected by Vantage. These policies are a trimmed-down version of the policies in the AWS-managedReadOnlyAccess
policy, but we’ve removed actions that would otherwise allow us to access sensitive information in databases, buckets, and certain services. Our CloudFormation template is open source and hosted publicly for transparency.
Customizing Cross-Account Role Permissions
Vantage requests various in-line read-only permissions when creating the cross-account role on your behalf; however, we understand this can be too broad of a permission set for certain use cases. As a result, we do allow you to create Cross-Account IAM roles with whatever permissions you’re comfortable with. However, keep in mind that narrowing the scope of the role’s permissions will limit certain functionality in Vantage. If you email support@vantage.sh in advance, we can facilitate provisioning your account with a custom role. Please note that we will provide you with some custom attributes to associate with your Cross-Account IAM Role to prevent the “confused deputy” problem. As a result, you will need to contact Vantage support before you create the role.Data Revocation
In the account Settings section, you can revoke the Cross-Account IAM Role at any time. Automatically and nearly instantly, Vantage will delete all data associated with that Cross-Account IAM Role. Note that the deletion doesn’t remove the set of custom Vantage views you’ve created; however, these views will be empty, as there are no longer any resources. In the account Settings section, you also can delete your account. Once you delete your account, all data is deleted as well.Data Sharing
We do not share any data externally. We do not sell or share any user data with any third parties.Frequently Asked Questions
Does Vantage periodically perform penetration tests?
Does Vantage periodically perform penetration tests?
Does Vantage hold any security certifications, such as SOC 1, SOC 2, or ISO 27001?
Does Vantage hold any security certifications, such as SOC 1, SOC 2, or ISO 27001?
In terms of application security, how does Vantage deal with security reports received from security researchers? In other words, does Vantage have a bug bounty program or a straightforward process to report security issues?
In terms of application security, how does Vantage deal with security reports received from security researchers? In other words, does Vantage have a bug bounty program or a straightforward process to report security issues?
Does Vantage support 2FA, SSO, or any defensive options?
Does Vantage support 2FA, SSO, or any defensive options?
How is customers’ data protected, and who has access to Vantage data?
How is customers’ data protected, and who has access to Vantage data?
Do you have a list of third parties Vantage uses that explains what each third party is allowed to access and its purpose?
Do you have a list of third parties Vantage uses that explains what each third party is allowed to access and its purpose?
Do you have a security contact person in case of breaches?
Do you have a security contact person in case of breaches?
Do you log access activities of Vantage’s employees who have access to the data?
Do you log access activities of Vantage’s employees who have access to the data?
Does Vantage store any information regarding cloud infrastructure in the database?
Does Vantage store any information regarding cloud infrastructure in the database?
Does Vantage use fixed IP addresses when connecting to external providers, such as AWS or Azure?
Does Vantage use fixed IP addresses when connecting to external providers, such as AWS or Azure?
54.87.66.45
3.95.43.133
54.162.3.72
44.199.143.63
3.218.103.23