Data protection in Amazon CodeCatalyst
Security and Compliance is a shared responsibility between Amazon CodeCatalyst and the customer, just as the AWS shared responsibility model
For data protection purposes, we recommend that you protect your account credentials, and that you set up multi-factor authentication when signing in. For more information, see Multi-factor authentication (MFA) in Amazon CodeCatalyst.
Do not enter confidential or sensitive information, such as your customers' email addresses, in tags or free-form fields such as a Name field. This includes resource names and any other identifiers you enter in CodeCatalyst in addition to any connected AWS accounts. For example, do not enter confidential or sensitive information as part of space, project, or deployment fleet names. Any data that you enter in tags, names, or free-form fields used for names might be used for billing or diagnostic logs or could be included in URL paths. This applies to using the console, API, AWS CLI, the CodeCatalyst Action Development Kit, or any AWS SDKs.
If you provide a URL to an external server, we strongly recommend that you do not include any security credential information in the URL to validate your request to that server.
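The following Python check is an added example, not part of the CodeCatalyst documentation or any CodeCatalyst API. It screens proposed names and external URLs against the two recommendations above before they are submitted. The function names, the email pattern, the list of credential-like query parameter names, and the sample values are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed patterns for this example; extend them for your own data classes.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SECRET_PARAMS = {"token", "access_token", "api_key", "apikey", "password", "secret"}

def check_free_form(field, value):
    """Flag sensitive data in a name, tag, or other free-form value."""
    if EMAIL_RE.search(value):
        return [f"{field}: contains an email address"]
    return []

def check_external_url(field, url):
    """Flag credentials embedded in a URL that points at an external server."""
    findings = []
    parts = urlsplit(url)
    # Credentials in the user:password@host form.
    if parts.username is not None or parts.password is not None:
        findings.append(f"{field}: credentials in the userinfo part of the URL")
    # Credentials passed as non-empty query parameters.
    for key, val in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SECRET_PARAMS and val:
            findings.append(f"{field}: query parameter '{key}' carries a credential")
    return findings

def audit(names, urls):
    """Check every proposed name and URL; findings never echo the value itself."""
    findings = []
    for field, value in names.items():
        findings += check_free_form(field, value)
    for field, url in urls.items():
        findings += check_external_url(field, url)
    return findings

# Constructed sample input, not taken from any real space or project.
SAMPLE_NAMES = {
    "space name": "payments-platform",
    "project name": "migration-for-jane.doe@example.com",
    "deployment fleet name": "build-fleet-01",
}
SAMPLE_URLS = {
    "webhook url": "https://ci-bot:s3cr3t@hooks.example.net/notify?env=prod",
    "callback url": "https://hooks.example.net/notify?access_token=abc123",
    "status url": "https://hooks.example.net/status",
}

if __name__ == "__main__":
    for line in audit(SAMPLE_NAMES, SAMPLE_URLS):
        print(line)
```
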
CodeCatalyst source repositories are automatically encrypted at rest. No customer action is required. CodeCatalyst also encrypts repository data in transit using the HTTPS protocol.
CodeCatalyst supports MFA. For more information, see Multi-factor authentication (MFA) in Amazon CodeCatalyst.
Data encryption
CodeCatalyst securely stores and transfers data within the service. All data is encrypted in transit and at rest. Any data created or stored by the service, including any metadata for the service, is stored natively in the service and encrypted.
Note
While information about issues is stored securely within the service, information about open issues is also stored in the local cache of the browser where you viewed issue boards, backlogs, and individual issues. For optimal security, be sure to clear your browser cache to remove this information.
If you use resources linked to CodeCatalyst, such as an account connection to an AWS account or a linked repository in GitHub, data in transit from CodeCatalyst to that linked resource is encrypted, but the data handling in that linked resource is managed by that linked service. For more information, see the documentation for the linked service and Best practices for workflow actions in Amazon CodeCatalyst.
Key management
CodeCatalyst does not support key management.
Inter-network traffic privacy
When working with linked resources and connected accounts such as a connection to an AWS account or a GitHub repository, we recommend configuring your source and destination locations with the highest level of security that each one supports. CodeCatalyst secures the connection between AWS accounts, AWS Regions, and Availability Zones by using Transport Layer Security (TLS) 1.2.