Security Model¶
Argus is designed to be safe to deploy in production environments. This page documents the security boundaries and data handling.
Read-only access¶
Argus uses read-only IAM roles on every cloud. It cannot modify, delete, or create any resources in your account. The specific permissions are documented on the IAM Permissions page.
| Cloud | Auth method | Scope |
|---|---|---|
| AWS | IAM execution role (Lambda) or assumed role (multi-account) | Read-only: Resource Explorer, CloudWatch, Cost Explorer, CloudTrail, Describe APIs |
| GCP | Service account with viewer roles | Read-only: Asset Inventory, Monitoring, Logging, BigQuery |
| Azure | System-assigned managed identity | Read-only: Resource Graph, Monitor, Cost Management, Activity Log |
Data collected¶
During a scan, Argus reads:
- Resource metadata — IDs, types, regions, tags, creation dates
- Usage metrics — CPU, network, disk I/O, connections (aggregated, not per-request)
- Cost data — estimated monthly cost per resource in USD
- Activity timestamps — when each resource was last accessed or modified
Argus does not read:
- File contents, database records, or application data
- Network traffic or request logs
- Secrets, keys, or credentials stored in your resources
- PII or customer data
Data flow¶
- Resource data is fetched from cloud APIs and held in memory during the scan
- A compressed summary is sent to the AI provider for analysis (one batched call)
- The AI returns findings with waste reasons and recommendations
- A JSON + HTML report is saved to cloud storage (if configured)
- A compact Slack digest is posted with a link to the full report
- All in-memory data is discarded when the function exits
Data retention¶
| Location | Retention | Encryption |
|---|---|---|
| Cloud storage (S3/GCS/Blob) | 90 days (lifecycle rule on S3; configurable on GCS/Blob) | Encrypted at rest (cloud-native SSE) |
| Pre-signed/SAS URLs | 7 days (configurable via REPORT_URL_EXPIRY) | HTTPS in transit |
| Slack messages | Controlled by your Slack workspace retention policy | Slack's encryption |
| Lambda/Cloud Run/Function memory | Ephemeral — discarded after each invocation | N/A |
AI provider data handling¶
The AI call sends a compressed resource summary (IDs, metrics, costs) — not raw cloud API responses. No credentials, secrets, or application data are included.
| Provider | Data path | Retention |
|---|---|---|
| AWS Bedrock | Stays in your AWS account. Model invocation logs are off by default. | No training on your data (AWS policy) |
| Anthropic API | Sent to Anthropic's API endpoint. | Not used for training. See Anthropic's privacy policy |
| Vertex AI / Azure OpenAI | Stays in your cloud account | Governed by your cloud provider agreement |
Credential handling¶
- No hardcoded credentials — all auth is via environment variables or cloud-native IAM roles
- Multi-account STS sessions — temporary credentials, 1-hour expiry, never stored to disk
- Webhook URLs — marked
NoEcho(AWS) /@secure()(Azure) in deploy templates - API keys — stored in environment variables, never logged
Network access¶
Argus makes outbound HTTPS calls to:
- Your cloud provider's APIs (same account/project/subscription)
- The configured AI provider endpoint
- Slack's incoming webhook endpoint
- Cloud storage for report upload
No inbound network access is required. The Lambda/Cloud Run/Function does not expose any HTTP endpoints.