Communication
All of Perun Cloud’s communications are done via TLS/HTTPS protocols. We use the strictest security policies to minimize the attack surface as much as possible. The agent communicates with the backend services via the rabbit protocol over a TLS tunnel. To deploy the agent we use the cloud API, which requires basic permissions. (You can find exactly which permissions Perun Cloud uses in the next section.) With the AWS provider, the ‘assume role’ function is applied, eliminating the need to create a user with static credentials. Instead, we use tokens that have a short expiration date. All communications to the cloud API are done via Vault, and the credentials are never logged or saved on Perun Cloud’s systems. They use disposable, one-time keys. Users can access their environments via the Perun Cloud ingress or by whitelisting an IP.
