edcloud is a single-operator personal lab, not a multi-tenant platform.

Core assumptions:

• Access is Tailscale-only.
• The EC2 security group has no inbound rules.
• The operator controls AWS and Tailscale identities.
• Workloads are trusted by the operator.

• Public SSH exposure
• Public exposure of Portainer or workload ports (Portainer binds to Tailscale interface only)
• IMDSv1 usage (IMDSv2 is required, hop limit set to 1)
• Avoidable idle spend (automatic idle shutdown)
• Credentials in user-data (auth keys fetched from SSM at boot)

• Compromise of your AWS or Tailscale account
• Malicious or vulnerable containers you choose to run
• Physical compromise of devices in your tailnet
• Multi-user isolation and tenant-level access control
• Docker socket exposure in Portainer (accepted risk for single-operator convenience)

• Keep runtime secrets in AWS SSM Parameter Store.
• Do not commit credentials, keys, or tokens to git.
• Use MFA on AWS and your identity provider.
• Rotate Tailscale auth keys and remove unused devices.
• Keep AWS DLM backup policy enabled and review edc backup-policy status periodically.
• Run restore drills and validate backup recovery.

Do not open public issues for security vulnerabilities.

Report privately to @brfid on GitHub and include:

• A clear description
• Reproduction steps
• Expected impact
• Suggested remediation (optional)

Response targets:

• Initial acknowledgment: within 7 days
• Fix priority: based on impact and exploitability
• Public disclosure: after a fix is available

Security fixes are applied on main.

Security issues in upstream dependencies (AWS, Ubuntu, Docker, Tailscale, Portainer) should also be reported to the relevant maintainers.