Security
Learn about our security-first approach to optimizing your AWS cloud spend.
MilkStraw AI is designed with security as a core principle, ensuring your workloads and data remain isolated and untouched. Our approach is built on isolation, least privilege, and rigorous reset-before-reuse practices.
Integration Security
Our integration with your AWS environment relies on a secure cross-account IAM role that you deploy.
- Cross-Account IAM Role: Resides within your AWS management account.
- Unique External ID: The role’s trust policy includes a unique external ID known only to Milkstraw.ai, preventing confused-deputy attacks and verifying the call origin.
- Temporary Credentials: We utilize temporary AWS STS credentials for each API call, avoiding the use of long-lived access keys.
Transfer Security
Onboarding and offboarding (accounts with savings) are managed through secure, controlled steps.
- Invite-Only: You initiate the transfer by creating an AWS Organizations invite for each milkbox account we provide.
- Single-Action Acceptance: Milkstraw AI accepts the invite from within the milkbox account; no other permissions are exchanged.
- Revocable: You can instantly detach a milkbox by removing the invite in AWS Organizations.
Least-Privilege Policy
Milkstraw AI operates with minimal necessary permissions to perform its function.
- Read-Only Role: We use a single read-only IAM role.
- No Resource Modification: This role can only monitor your usage and cost data; it cannot start, stop, or modify any of your resources.
- Limited Scope: The scope is limited strictly to the AWS APIs required for cost coverage analysis.
MilkBoxes Isolated by Design
MilkBoxes are engineered to be entirely separate from your existing environment.
- Zero-Access Architecture: They operate outside your VPCs, IAM roles, and networks.
- No Data Paths: There are no data paths between MilkBoxes and your workloads—only billing linkage.
- One-Way Isolation: You also have no access to MilkBoxes, which prevents potential lateral movement risks.
Reset-Before-Reuse
When a milkbox is no longer needed in your organization, it undergoes a thorough reset process.
- When your on-demand capacity or savings needs change, we remove the milkbox from your organization.
- The account is subjected to a “factory reset,” deleting all residual configuration and metadata.
- An account is only eligible to join another customer’s organization after this complete reset.
This process ensures that no information or configuration from your environment is ever carried over or shared with subsequent users of the milkbox account.
Underlying Safeguards
Our technical operations incorporate standard security best practices.
- Encryption: All control-plane communication with AWS over the cross-account role uses TLS 1.2 or higher encryption.
- Auditability: Every action performed by Milkstraw AI is logged in your AWS CloudTrail for full auditability.
- Best Practices: Our controls are designed in alignment with AWS Well-Architected principles and CIS benchmarks.
Billing security
We use Stripe as our payment gateway and we don’t store any payment details in our platform as we also delegate this to Stripe.