Security

Cross-account IAM role.
No keys. No data egress.
Revoke in two clicks.

Fortem runs inside your AWS. Your workloads, databases, and secrets stay in yours. We only ask for the rights to call ECS APIs and read CloudWatch — nothing else.

Download the security packet ↓Run Fleet Audit →

Book a 20-min call

Trust

You don't have to trust us. The architecture means you don't need to.

We're early, and we're not SOC 2 certified yet — so we built Fortem so that trust is something you can verify yourself, today, in about 10 minutes:

·Read-only by default — write actions are per-environment and opt-in.

·Our exact IAM policy is published. Read it, diff it, hand it to your security team.

·We never touch your data, database contents, or secrets — only ECS/CloudWatch metadata.

·Delete the role and we're gone in 2 minutes. Your fleet runs exactly the same.

How the connection works

Cross-account IAM. No credentials stored.

Cross-account IAM role — not access keys

Fortem connects via sts:AssumeRole. A trust policy names Fortem's AWS account ID; AWS handles short-lived token lifecycle. No long-lived keys exist anywhere.

Least-privilege policy — the exact IAM JSON is published

The IAM policy Fortem requires is published for audit. Scope is limited to ECS describe/list, CloudWatch Logs/Metrics read, and tagging. No IAM admin, no S3, no RDS data plane.

Read-only by default — write actions require explicit grant

Write actions (start/stop/scale/redeploy) require explicit per-environment enablement and are scoped by the ManagedBy=fortem tag. You control which environments Fortem can act on.

Data never transits Fortem — only metadata

Only metadata returns: status, task counts, metrics, and log lines you open in the UI. Your application data, database records, S3 objects, and Secrets Manager values are never requested and never transit our systems.

IAM permissions — exact list

What Fortem can and cannot do in your account.

ECS

YES

Describe clusters, services, tasks, task definitions

YES

List services and tasks

YES

Start and stop ECS services (set desired count)write-enabled envs only

YES

Redeploy running tasks (force new deployment)write-enabled envs only

Delete clusters, services, or task definitions

Modify task definition IAM roles

Push images to ECR

CloudWatch Logs

YES

Read log groups and log streams for ECS tasks

YES

Filter log events (used by AI diagnostics)

Delete log groups or log streams

Export logs to S3 or external destinations

CloudWatch Metrics

YES

Read ECS service metrics (CPU, memory utilization)

Create or modify alarms

Write metric data

Resource Tagging

YES

Read resource tags (used for environment discovery)

YES

Tag Fortem-managed resources (for tracking)write-enabled envs only

Modify tags on non-ECS resources

What Fortem never requests

Secrets Manager or Parameter Store — any action

RDS, DynamoDB, ElastiCache — data plane access

S3 — any action

IAM — create, modify, or delete roles or policies

KMS — decrypt or re-encrypt operations

VPC, Security Groups — modify network rules

About SOC 2

We are not SOC 2 certified yet — and we won't pretend otherwise.

Here's what we can do for your security review right now:

·Share our controls matrix, the published IAM policy, and a data-flow diagram — under NDA if you prefer.

·Offer a self-hosted / air-gapped install on the Custom plan if your policy requires Fortem to run entirely inside your perimeter.

·Walk your security team through the access model on a call — with the engineer who built it, not a sales rep.

Most teams clear our model in a single call, because there's almost nothing to clear: no data ever leaves your account.

Compliance

GDPR — only metadata is processed

Service names, task counts, schedule configs. No personal data. DPA available on the Custom plan.

HIPAA — BAA available at Custom tier

Scope is narrow because no PHI ever transits Fortem. Business Associate Agreement available on the Custom plan.

Audit log — every action, every user

Timestamp, user identity, environment, outcome, before/after state. Retention: 90 days in the Fortem UI; custom retention on the Custom plan.

Leaving takes two minutes

Delete the IAM role and all Fortem access ends. Your ECS environments, schedules (native AWS EventBridge), and infrastructure keep running. Nothing Fortem does creates a dependency on Fortem.

Download the security packet or book a review call.

Security reviews are handled by the engineer who built the access model. Response within 4 hours, weekdays.