Security & Data Handling

Security and trust are central to how this audit is designed.

We use a read-only, least-privilege approach to ensure your system remains safe at all times.

If you want a line-by-line explanation of the policy scope, see Permissions Explained.


If you choose to provide access, it is strictly read-only.

This means we can:

  • View cost and billing data
  • Review configuration (e.g., Lambda settings)
  • Access usage and performance metrics

This also means we cannot:

  • Modify infrastructure
  • Deploy or change code
  • Delete resources
  • Change permissions
  • Start or stop services

The audit focuses on infrastructure and cost data only.

We do not access:

  • Application-level data
  • Customer data
  • Database records
  • S3 object contents

We use a custom policy that only includes permissions required for:

  • Cost analysis
  • Usage metrics
  • Configuration review

We do not request broad administrative or full read access.


When setting up access, you will be asked to enter an External ID.

This ensures that:

  • Only your specific audit engagement can assume the role
  • Other parties cannot use the role, even if they know our account ID
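A customer-side check of the two controls described above (the scoped custom policy and the External ID), as an added example that is not this service's own code or policy. The account ID, External ID, sample actions, and the prefix rule for "read-only" are assumptions made for illustration; `NotAction` and other condition operators are not handled.

```python
import fnmatch

# Assumption: these action-name prefixes mean "reads metadata only".
READ_PREFIXES = ("get", "list", "describe")
# Read actions that return stored data, which the page says is out of scope.
DATA_READS = ("s3:getobject", "s3:getobjectversion",
              "dynamodb:getitem", "dynamodb:query", "dynamodb:scan")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust(trust, auditor_arn, external_id):
    """Return problems in a role trust policy (empty list means it passes)."""
    problems = []
    for st in _as_list(trust["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if arns != [auditor_arn]:
            problems.append(f"unexpected principal: {arns}")
        expected = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if expected != external_id:
            problems.append("sts:ExternalId condition missing or wrong")
    return problems

def check_permissions(policy):
    """Return (action, reason) for every allowed action beyond metadata reads."""
    findings = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            pattern = action.lower()  # IAM action names are case-insensitive
            name = pattern.partition(":")[2]
            # A wildcard such as s3:Get* is flagged if it covers any data read.
            if any(fnmatch.fnmatchcase(d, pattern) for d in DATA_READS):
                findings.append((action, "reads stored data"))
            elif not name.startswith(READ_PREFIXES):
                findings.append((action, "not read-only"))
    return findings

# Constructed sample documents; the account ID and External ID are placeholders.
AUDITOR = "arn:aws:iam::111122223333:root"
GOOD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": AUDITOR},
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
SAMPLE_POLICY = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "ce:GetCostAndUsage", "cloudwatch:GetMetricData", "lambda:ListFunctions",
    "s3:Get*", "lambda:UpdateFunctionCode"]}]}
```

Run both functions against the trust policy and permissions policy you are asked to create before attaching them to the role; any non-empty result is something to raise during onboarding.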

Access is only used for the duration of the audit.

After the audit is complete:

  • You can remove access at any time
  • No ongoing connection is required

The audit is non-invasive.

We do not:

  • Make changes to your infrastructure
  • Run scripts in your environment
  • Deploy any code

All analysis is performed externally using read-only access.


We use the data collected solely to:

  • Analyze cost and usage
  • Identify optimization opportunities
  • Generate your audit report

We do not use your data for any other purpose.


If you prefer not to grant access, you can:

  • Export and share cost data instead

See: Export AWS Cost & Usage Data


If you have any questions or concerns, we’re happy to walk through the setup and access model during your onboarding call.