Atmos Pro Trust Center

Atmos Pro

Atmos Pro is a hosted platform for managing Terraform and OpenTofu infrastructure with drift detection, deployment provenance, change governance, and audit logging. This portal contains our security and compliance documentation.

Security contact: security@cloudposse.com

Purchasing Atmos Pro? Visit Procurement for vendor details, agreements, and payment options.


Controls

Control categories: Infrastructure security, Organizational security, Product security, Internal security procedures, Data and privacy

Product security

How changes to Atmos Pro are reviewed, scanned, and shipped safely.

Control | Status
Mandatory peer code review
All changes are made via pull request and require review before merge.
Dependency scanning
Automated scanning flags vulnerable dependencies in the CI pipeline.
Secret scanning
Automated scanning detects accidentally committed secrets.
Comprehensive audit logging
Security-relevant actions are recorded to a tamper-evident audit log, available to customers with configurable retention.
Change management procedures enforced
Changes are authorized, documented, tested, reviewed, and approved before deployment to production.
Production deployment access restricted
The ability to migrate changes to production is restricted to authorized personnel.
Development lifecycle established
A defined SDLC governs development, change, and maintenance of the service.
Configuration management
System configurations are managed as code and deployed consistently across environments.
Responsible disclosure program
A published responsible-disclosure policy provides a clear channel for reporting vulnerabilities.
Control self-assessments conducted
Internal control self-assessments are performed periodically as the SOC 2 program matures.
Independent penetration testing
Third-party penetration testing is being scheduled as part of the SOC 2 program.