Infrastructure Security
Our infrastructure follows defense-in-depth principles. Every layer — from network to application — is hardened against attack.
Zero inbound ports
EC2 instances have no inbound security group rules. All management access is via AWS SSM Session Manager. Traffic reaches instances only through the Application Load Balancer, which terminates TLS and validates host headers.
IMDS blocking
Instance Metadata Service (IMDS) v1 is disabled. IMDSv2 requires a session token, preventing SSRF attacks from accessing instance credentials. Container iptables rules further block metadata endpoint access from within containers.
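One way to verify that the IMDSv2 posture described above actually holds across a fleet is to audit the `MetadataOptions` block that `aws ec2 describe-instances` returns. The following is an added example, not this site's own tooling; the instance IDs and sample records are constructed, and the hop-limit check goes slightly beyond the text by also flagging settings that would let a container fetch a token.

```python
"""Audit EC2 MetadataOptions for IMDSv2 enforcement (added example, not the site's tooling)."""
from typing import Dict, List

# Constructed sample shaped like `aws ec2 describe-instances` output (hypothetical instance IDs).
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa111", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0bbb222", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0ccc333", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 2}},
        {"InstanceId": "i-0ddd444", "MetadataOptions": {
            "HttpEndpoint": "disabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
    ]}
]


def audit_imds(reservations: List[dict]) -> Dict[str, List[str]]:
    """Return {instance_id: [findings]} for instances whose IMDS settings weaken the v2-only posture."""
    findings: Dict[str, List[str]] = {}
    for res in reservations:
        for inst in res.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            # Endpoint disabled: no metadata service is reachable at all, so nothing to flag.
            if opts.get("HttpEndpoint") == "disabled":
                continue
            issues: List[str] = []
            # "optional" means IMDSv1 (plain GET, no token) still answers, so an SSRF can read credentials.
            if opts.get("HttpTokens") != "required":
                issues.append("IMDSv1 enabled (HttpTokens != required)")
            # A hop limit above 1 lets the token PUT response cross a NAT hop, e.g. into a bridged container;
            # a missing value is treated as 1 here (assumption).
            if opts.get("HttpPutResponseHopLimit", 1) > 1:
                issues.append("HttpPutResponseHopLimit > 1 (token reachable from containers)")
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings


def remediation_command(instance_id: str) -> str:
    """AWS CLI command that enforces IMDSv2 on one instance (flags of modify-instance-metadata-options)."""
    return ("aws ec2 modify-instance-metadata-options "
            f"--instance-id {instance_id} --http-tokens required "
            "--http-endpoint enabled --http-put-response-hop-limit 1")


if __name__ == "__main__":
    for iid, issues in audit_imds(SAMPLE_RESERVATIONS).items():
        print(iid, issues)
        print("  fix:", remediation_command(iid))
```

The iptables rules the page mentions remain necessary alongside this: the hop limit only stops token retrieval through a NAT hop, while host-network containers still need a packet-level block of the metadata address.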
IAM least privilege
Every component — Lambda functions, EC2 instances, containers — runs with the minimum IAM permissions required. Instance roles are scoped to specific DynamoDB tables, S3 prefixes, and KMS keys. Cross-account access is not permitted.
Security headers
All responses include security headers: Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy. Headers are configured at the Nginx level and apply to all routes.
Rate limiting
API endpoints are rate-limited at the ALB and Nginx levels. Dashboard login attempts, webhook endpoints, and provisioning APIs all have independent rate limits to prevent abuse.