Security

Read-only billing access

SavingsNow uses read-only service accounts, service roles, API keys, and other read-only methods to access billing data. Sensitive information such as account access keys and secrets are not stored.

Cross-account IAM roles on AWS

SavingsNow uses cross-account IAM roles to synchronize infrastructure resources information. This AWS-recommended method grants access through a CloudFormation stack, creating a cross-account role with a simplified read-only policy. These policies are simplified versions of AWS-managed read-only access policies, specifically tailored to exclude any behaviors that could grant access to sensitive information in databases, buckets, and certain services. Our CloudFormation template is open-source and publicly hosted to ensure transparency.

Customizing cross-account role permissions

SavingsNow requests various inline read-only permissions when creating cross-account roles; However, these permissions may be too broad for specific scenarios. Therefore, you can create a cross-account IAM role with custom permissions to suit your needs. Note that narrowing permissions may limit some functionalities of SavingsNow. For custom role configuration, contact SavingsNow support to obtain custom attributes to associate with your IAM role to prevent confusion. Ensure contact support before creating the role.

No user data is shared or sold to any third parties.

Read-only billing access​

Cross-account IAM roles on AWS​

Customizing cross-account role permissions​

Data sharing​

Read-only billing access

Cross-account IAM roles on AWS

Customizing cross-account role permissions

Data sharing