Security
Control plane in our cloud, data plane in yours. Least-privilege IAM, no access keys, no data egress.
Ownkube is designed so your code, data, and runtime stay inside your AWS account. The control plane in our cloud only receives configuration intent. The actual workloads, databases, logs, and traffic all live with you.
Trust model at a glance
Least-privilege IAM
A single scoped-down IAM role in your account. No access keys stored, no root credentials ever used.
No data egress
Application traffic, request bodies, database rows, and logs never leave your VPC.
Encryption everywhere
At rest with AWS KMS keys in your account. In transit with TLS on every hop.
Disconnect anytime
Remove the IAM role and your cluster keeps running. You own the VPC, the nodes, and the data.
Control plane vs data plane
- Control plane (Ownkube) stores cluster metadata, deployment configuration, user accounts, billing. Never receives your application's traffic or data.
- Data plane (your AWS account) runs every container, every database, every load balancer, every TLS certificate. All data stays here.
How the AWS connection works
When you connect your AWS account, a CloudFormation stack creates a single IAM role with:
- A trust policy that only lets Ownkube's AWS account assume it, and only with a unique external ID generated for your account
- Scoped-down permissions limited to what Ownkube needs: EKS, EC2, VPC, CloudFormation, S3 for state, IAM role-passing, ACM, Route 53, Elastic Load Balancing, ECR
No long-lived AWS credentials are stored in Ownkube's database. Every action uses short-lived STS credentials obtained by assuming the role with the external ID.
Data handling
| Data type | Where it lives | What Ownkube sees |
|---|---|---|
| Application code | Your container registry | Nothing (Ownkube pulls it to your cluster) |
| Application traffic | Your cluster's load balancer | Nothing |
| Request bodies, responses | Your cluster | Nothing |
| Database rows | Inside your cluster | Nothing |
| Environment variables | Your cluster's secret store, encrypted at rest | Encrypted reference only |
| Container logs | Inside your cluster | Nothing |
| Deployment config | Ownkube database (encrypted) | Yes: image, env var keys (values encrypted), scale, probes |
Environment variable values marked as Secret are encrypted at rest in Ownkube's database and masked everywhere in the UI. They're decrypted only when being pushed into the cluster's secret store, which itself is encrypted at rest with AWS KMS.
Compliance posture
Because everything runtime lives in your AWS account, your compliance scope mirrors whatever you already have with AWS.
- SOC 2: audit scope stays on your AWS account and internal processes
- HIPAA: keep your BAA with AWS directly; application data never leaves your account
- GDPR: data residency is determined by the region you pick when you create a cluster
- ISO 27001: scope stays under your organization's program
Ownkube itself maintains standard operational controls for the control plane. If you need documentation for your own audits, reach out.
Standard, non-proprietary infrastructure
Ownkube provisions standard AWS resources inside your VPC: EC2 instances, EKS clusters, Elastic Load Balancing, S3 buckets for state, ACM certificates, Route 53 records. No proprietary APIs, no custom runtimes.
If you disconnect Ownkube, all of those resources are standard AWS things you can continue to manage directly.
Disconnect anytime
Remove the IAM role (or delete the CloudFormation stack) and Ownkube loses access. Nothing gets torn down. Your clusters keep running, your databases keep serving traffic, your TLS keeps renewing. AWS handles all of that. Reconnecting is a three-minute flow.
"Disconnect" means Ownkube stops managing. It does not delete your resources, but it also means Ownkube can't help you if something goes wrong until you reconnect. For genuine decommissioning, delete the clusters first from the dashboard while still connected.
Security practices
Connect your AWS account
The three-step flow, with every permission listed.
How it works
Architecture deep-dive and the full trust model.
Don't see a feature you need? Email support@ownkube.io. Ownkube is shaped by the teams using it and we ship what our users ask for.