Every Substrate customer is by definition an AWS customer and has placed a lot of trust in the AWS security architecture. Substrate’s goal, with respect to security, is to introduce as few new security-critical code paths as possible, to make the best of AWS better, and to make the most confusing of AWS safer.
Substrate helps AWS rely only on your identity provider for information about human identity. This eliminates lots of possibilities for drift between who works at your company and who has access to any of your AWS resources. Substrate’s job in this security architecture is simply to exchange access tokens from your identity provider for temporary AWS credentials.
The permissions any human or service is granted are exclusively configured within AWS without any messy system-crossing opportunities for misconfiguration or confusion. AWS IAM roles and policies are longstanding, well-understood primitives that you can manage more efficiently with Substrate.
Nonetheless, Source & Binary are committed fully to our position in the security architecture of every customer’s business. We welcome inquiries and reports on the security of Substrate via email to email@example.com.