Security & Compliance

🏢 Built for Enterprise Security

"We don't just say it's secure; AWS verifies it."

🛡️ In-Place Processing: Parqify processes data in-place, directly within your cloud environment, ensuring that your data remains secure and private. Your data never leaves your cloud account.

🛡️ Network Isolated: You retain full control over network rules, subnets, and encryption keys. Parqify can operate in private subnets with no public internet required.

🛡️ Scanned by Cloud Providers: Every version of the Parqify AMI undergoes automated security scans by the cloud platform to detect vulnerabilities, malware, and insecure configurations before being approved for the Marketplace.

AWS

Parqify requires access to Amazon S3 buckets. Access can optionally be limited to a specific folder path or prefix.

This file is an example IAM policy in JSON format that Parqify creates during CloudFormation deployment.

Parqify CloudFormation creates the EC2 instance and the Instance Profile with this IAM policy so that Parqify can operate correctly.

During CloudFormation deployment, the customer can choose either:

to create the IAM role and policy automatically, or
to use an existing IAM role created by the customer.

If the customer chooses to use an existing IAM role, it must include the required permissions described below and in the JSON policy example.

Required Permissions

Parqify requires the following permissions to exist in the policy assigned to the EC2 IAM role.

Amazon S3 Access

Source bucket

Required for reading files and scanning folders:

s3:GetObject
s3:ListBucket

Destination bucket

Required for reading files and scanning folders:

s3:GetObject
s3:ListBucket
s3:ListBucketMultipartUploads

Required for writing files and creating folders:

s3:PutObject
s3:DeleteObject

Amazon CloudWatch Logs

Required for publishing logs:

logs:CreateLogStream
logs:DescribeLogStreams
logs:PutLogEvents

Download IAM policy example