Security Documentation

AWS Access Documentation

This page gives security, cloud, and procurement reviewers a concise overview of Hoogly's read-only AWS access model and downloadable review artifacts.

Version: 1.0
Last updated: April 12, 2026
Review type: Security / Procurement
Access type: Read-only

Review scope summary

Use this section for a fast understanding of how Hoogly requests access, what permission scope it needs, and how customers retain control.

Trust model: AssumeRole with ExternalId protects the trust path between the customer account and Hoogly.
Permission scope: SecurityAudit is the baseline, with scoped read-only additions required for validation and evidence coverage.
API behavior: The application performs read-only validation calls to confirm state and gather evidence context.
Revocation: Customers can revoke role access anytime by removing or disabling the IAM trust path.

Included review topics

The PDF and embedded preview follow the same structure so cloud, procurement, and security reviewers are working from the same source material.

01. Trust relationship and ExternalId usage

The documentation covers the trust relationship, trusted AWS account, and the ExternalId condition used to support cross-account access review.

02. Managed and inline IAM permissions

Reviewers can inspect the managed and inline IAM permissions attached to the Hoogly audit role, including the SecurityAudit baseline.

03. Direct AWS API operations used by the app

The artifact lists the direct AWS API operations used by the current application for scan validation and evidence-oriented reads.

04. Operational boundaries and reviewer checklist

The package includes operational boundaries, revocation guidance, and a reviewer checklist for internal approval workflows.

High-level role and evidence path

This sequence shows the customer-controlled access boundary from IAM role creation through read-only validation and documentation output.

Step 1: Customer AWS Account

The customer controls the source account and decides whether to create the review role.

Step 2: IAM Role with trust policy

A customer-created IAM role defines the trust relationship and the read-oriented permission boundary.

Step 3: Hoogly assumes role using ExternalId

The application uses the customer-provided trust path and ExternalId condition to establish a temporary read-only session.

Step 4: Read-only API evidence collection

The current app performs validation and evidence-oriented AWS API reads without changing customer configuration.

Step 5: Documentation / validation output

Reviewers can validate access scope against the embedded PDF, downloadable artifact, and IAM template reference.

Primary areas reviewers typically inspect

These sections map the most common approval questions to the exact trust, permission, and operational details covered by the documentation set.

Trust Model

AssumeRole with ExternalId

The trust path is based on a customer-controlled IAM role with an ExternalId condition to support cross-account access review.

Policy Basis

SecurityAudit plus focused read-only extras

The permission set starts with AWS SecurityAudit and adds only specific read-oriented actions required for validation and reporting completeness.

Reader Access

Preview online or download for procurement review

Reviewers can inspect the document in-browser or download the same artifact for vendor assessment, ticketing, or offline approval workflows.

Validation Scope

Direct AWS API validation visibility

The current application uses explicit AWS API calls to validate scanner prerequisites and read evidence-relevant configuration state.
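
A reviewer can check the trust model described above mechanically against the role's trust policy document. The following is an added example, not Hoogly's code or IAM template; the account ID 111122223333, the ExternalId value, and all function names are constructed placeholders.

```python
def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_trust_policy(policy, vendor_account):
    """Return findings for Allow statements that grant sts:AssumeRole."""
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        # The only trusted principal type should be AWS (the vendor account).
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"statement {n}: principal is not limited to AWS account principals")
            trusted = []
        else:
            trusted = _as_list(principal["AWS"])
        for p in trusted:
            if p != vendor_account and not p.startswith(f"arn:aws:iam::{vendor_account}:"):
                findings.append(f"statement {n}: unexpected principal {p}")
        # Require an exact-match ExternalId; condition key names are case-insensitive.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ext = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if not isinstance(ext, str) or not ext:
            findings.append(f"statement {n}: missing single-valued StringEquals on sts:ExternalId")
    return findings

def sample_policy(principal, condition=None):
    """Build a constructed one-statement trust policy for the demonstration."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": principal}, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed sample inputs (placeholders, not values from the vendor's artifact).
VENDOR_ACCOUNT = "111122223333"
EXT_ID = {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
GOOD = sample_policy(f"arn:aws:iam::{VENDOR_ACCOUNT}:root", EXT_ID)
NO_EXTERNAL_ID = sample_policy(f"arn:aws:iam::{VENDOR_ACCOUNT}:root")
WILDCARD = sample_policy("*", EXT_ID)

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("no-external-id", NO_EXTERNAL_ID), ("wildcard", WILDCARD)]:
        print(name, review_trust_policy(doc, VENDOR_ACCOUNT) or "ok")
```

The same function can be run over the `AssumeRolePolicyDocument` of the role the customer actually created, once the real trusted account ID from the vendor's artifact is substituted for the placeholder.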

Review the same artifact you can download

The embedded view below is the same documentation artifact available through the downloadable PDF, making it easier to review online before routing the file into procurement or security workflows.
