Skip to main content

Altostra Cloud Integration


Our goal at Altostra is to streamline cloud development, deployment and management for developers. We want our users to enjoy and use all the cloud infrastructure advantages with as little as possible hurdles and configuration while keeping maximum security.

Once you integrate your AWS account, Altostra can deploy, manage and monitor your projects on your behalf. To ensure you're fully protected, we follow and adhere to the AWS best practices and security guidelines on providing access to AWS accounts owned by third parties.

How it works

For Altostra to operate within your AWS account on your behalf, AWS requires several things:

  1. An IAM Role in your account that can be assumed by Altostra
  2. An appropriate policy for the Role
  3. An explicit permission on that role that it can be used only by Altostra (by specifying Altostra's account ID)
  4. A secret token called externalId that is known only to Altostra and yourself and is used to prevent the confused deputy problem.

This process is safe yet cumbersome. So instead of asking you to perform these steps manually when you connect your account to Altostra, we generate a CloudFromation template for you, with all the relevant parameters preset.

Once you run the template, it generates all of the required resources and sends a notification to Altostra. You can then use Altostra to deploy projects to your account.

You can read a detailed technical post on how the mechanism works on our blog

Resources created by the template

Logical IDResource TypeDescription
AltostraS3BucketAWS::S3::BucketThis is where Altostra will store all your project versions and account related data
CrossAccountRoleAWS::IAM::RoleThis is the IAM role Altostra assumes when it stores and deploys your projects
PhoneHomeCustomResourceCustomThis one-time resource is used to send the connections details to Altostra - namely, the newly generated IAM Role ARN

Ready to Get Started?

Get Started for Free
© 2023 Altostra, Inc.