
Security

Security architecture, data isolation and best practices.

Security principles

  • 1. Least Privilege. The IAM role has only 4 RDS permissions: Describe, ListTags, Start and Stop. No destructive actions, no data access.

  • 2. No key storage. No AWS access keys are stored. Credentials are obtained on demand via STS and expire automatically after 1 hour.

  • 3. Mandatory External ID. Each connection uses a unique UUID (External ID) to prevent "confused deputy" attacks. Without this ID, the role cannot be assumed.

  • 4. Organization isolation. Each organization has its own AWS accounts, resources and schedules. Data is isolated via Row Level Security (RLS) in PostgreSQL.

No data access

This is fundamental: SnoozeDB cannot read or modify the contents of your databases. The granted IAM permissions are strictly limited to controlling the state (started/stopped) of your instances.

What SnoozeDB can do

  • List your RDS instances
  • Start a stopped instance
  • Stop a running instance
  • Read your resource tags

What SnoozeDB CANNOT do

  • Read or modify your database data
  • Delete an instance or snapshot
  • Modify passwords or configuration
  • Access VPC network or security groups
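The least-privilege permissions and the mandatory External ID described above can both be verified against the role you create in your own account. The following Python is an added example, not SnoozeDB's code: the two policy documents are constructed samples with a placeholder account ID and External ID, and the four rds: action names are assumed to be the Describe/ListTags/Start/Stop permissions this page refers to.

```python
# Constructed sample documents: the account ID and External ID are placeholders.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "00000000-0000-4000-8000-000000000000"}},
}]}

PERMISSIONS_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["rds:DescribeDBInstances", "rds:ListTagsForResource",
               "rds:StartDBInstance", "rds:StopDBInstance"],
    "Resource": "*",
}]}

# IAM action names assumed to be the Describe/ListTags/Start/Stop the page refers to.
ALLOWED_ACTIONS = {"rds:DescribeDBInstances", "rds:ListTagsForResource",
                   "rds:StartDBInstance", "rds:StopDBInstance"}


def _as_list(value):
    """IAM accepts a string or a list in Statement/Action fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def granted_actions(policy):
    """Set of actions granted by the policy's Allow statements (Deny statements are ignored)."""
    actions = set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow":
            actions.update(_as_list(stmt.get("Action", [])))
    return actions


def is_least_privilege(policy):
    """True only if every granted action is one of the four; 'rds:*' or any extra action fails."""
    actions = granted_actions(policy)
    return bool(actions) and actions <= ALLOWED_ACTIONS


def trust_requires_external_id(trust_policy):
    """True if every statement allowing sts:AssumeRole requires a StringEquals sts:ExternalId."""
    for stmt in _as_list(trust_policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        condition = stmt.get("Condition", {}).get("StringEquals", {})
        if not condition.get("sts:ExternalId"):
            return False
    return True
```

Run the two checks against the trust policy returned by `aws iam get-role` and the permissions policy attached to that role; a role granting `rds:*` or lacking the External ID condition fails.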

Authentication

User authentication is managed by Supabase Auth (based on GoTrue). Sessions are secured with HttpOnly cookies carrying JWT tokens.

Multi-factor authentication (MFA) is supported and recommended for admin accounts.

Data storage

SnoozeDB stores only the metadata necessary for its operation:

  • RDS instance identifiers (ARN, name, region, size)
  • Schedules and Start/Stop operation history
  • Role ARN and External ID for cross-account connection

Row Level Security

All PostgreSQL database tables use Row Level Security (RLS). Each query is automatically filtered to return only data belonging to the connected user's organization. No user can access another organization's data, even in the event of an application bug.

Compliance

SnoozeDB infrastructure is hosted on European servers. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). We follow the security recommendations of the AWS Well-Architected Framework.