IAM & Permissions
Why does the IAM policy include wildcard permissions (*)?
Wildcard permissions allow Transilience to review the full infrastructure and configuration state across your AWS environment, including EC2 instances, Lambda functions, VPC configurations, route tables, GuardDuty, IAM configurations, and other security-relevant services.
If you prefer to limit access to only the security audit role, we provide different permission tiers in our deployment guide.
How is data secured in transit?
All communication between AWS and Modal occurs over TLS 1.2 or higher, ensuring encrypted transmission.
Why are CloudWatch logs not encrypted or configured with a retention policy by the Lambda function?
The Lambda function uses the AWSLambdaBasicExecutionRole, which permits creating CloudWatch logs. Logs are stored within your AWS infrastructure and follow your organization's existing logging and retention policies. Enabling encryption or custom retention through the Transilience deployment would affect your entire CloudWatch configuration, which is outside the scope of this integration. If you have specific logging requirements, please contact us to evaluate feasibility.
OIDC & Role Trust
What is Modal?
Modal is an AI compute platform for AI applications. Think of it as AWS for AI applications; workspaces are similar to AWS accounts. Access is requested for two workspaces, prod and backup (ac-v1CZ9*, ac-ANyi*), both of which belong exclusively to Transilience (Network Intelligence).
We source each part of our supply chain very carefully. Modal Labs is SOC 2 Type 2 compliant. Security commitment is here. DPA is here.
Do the Transilience Modal workspace IDs belong exclusively to your organization?
Yes. All workspace IDs referenced in the CloudFormation template belong exclusively to Transilience and correspond to our production Modal.com workspaces.
Why does the role trust policy use a wildcard (*) for the workspace sub-claim instead of a specific function?
The wildcard allows the platform to operate across all functions within our workspace. Restricting to individual function identifiers would create significant operational overhead. If preferred, access can be scoped to the security audit role only — a scoped YAML template is available in our deployment guide.
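A check a customer could run against the deployed role's trust policy, confirming that the wildcard described above begins only after a complete workspace ID and that the audience is pinned. This is an added example, not part of the Transilience template or deployment guide; the `modal:workspace_id:<id>:` sub layout, the `oidc.modal.com` condition keys, the account number and the workspace IDs are assumptions or placeholders.

```python
SUB_PREFIX = "modal:workspace_id:"   # assumed sub layout: modal:workspace_id:<id>:...

def _positive(op, name):
    # Accept "StringLike" or "ForAnyValue:StringLike"; reject Not* and IfExists forms.
    return name in op and "IfExists" not in op

def review_trust_policy(policy, allowed_workspaces):
    """Return findings for web-identity statements in an IAM role trust policy."""
    pinned = tuple(f"{SUB_PREFIX}{w}:" for w in allowed_workspaces)
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    findings = []
    for i, st in enumerate(stmts):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        subs, has_aud = [], False
        for op, conds in st.get("Condition", {}).items():
            for key, val in conds.items():
                vals = [val] if isinstance(val, str) else list(val)
                if key.endswith(":aud") and _positive(op, "StringEquals"):
                    has_aud = True
                if key.endswith(":sub") and (_positive(op, "StringEquals")
                                             or _positive(op, "StringLike")):
                    subs += vals
        if not has_aud:
            findings.append(f"statement {i}: no StringEquals condition on aud")
        if not subs:
            findings.append(f"statement {i}: no sub condition, any provider token is accepted")
        for pat in subs:
            # Only the literal text before the first wildcard is actually pinned.
            cut = min((pat.find(c) for c in "*?" if c in pat), default=len(pat))
            if not pat[:cut].startswith(pinned):
                findings.append(f"statement {i}: {pat!r} does not pin a full allowed workspace ID")
    return findings

# Constructed sample policies; provider host, account number and IDs are placeholders.
PROVIDER = "arn:aws:iam::111122223333:oidc-provider/oidc.modal.com"
def _policy(sub, with_aud):
    cond = {"StringLike": {"oidc.modal.com:sub": sub}}
    if with_aud:
        cond["StringEquals"] = {"oidc.modal.com:aud": "oidc.modal.com"}
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
            "Principal": {"Federated": PROVIDER},
            "Action": "sts:AssumeRoleWithWebIdentity", "Condition": cond}]}
SCOPED = _policy("modal:workspace_id:ac-EXAMPLEPROD1:*", True)
TOO_BROAD = _policy("modal:workspace_id:ac-EXAMPLE*", False)
ALLOWED = ["ac-EXAMPLEPROD1", "ac-EXAMPLEBKUP2"]
```

`review_trust_policy(SCOPED, ALLOWED)` returns no findings, while `TOO_BROAD` is flagged twice: the wildcard starts inside the workspace ID, so it would match other workspaces sharing that prefix, and no audience is pinned.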
How is the Modal OIDC certificate thumbprint verified and rotated?
The OIDC certificate lifecycle is managed by Modal, including verification and rotation of thumbprints when certificates change.
What data is collected during registration?
- AWS Account ID
- IAM Role ARN and Role Name
- Customer email and company name
- AWS Region
Where is this data stored?
Data is stored within Modal's infrastructure, where Transilience's application runs.
How long is the data retained?
Data is retained only for the duration of the active project engagement, unless otherwise requested by the customer.
Who has access to the account metadata collected during registration?
- Forward Deployed Engineers — may access on a need-to-know basis for customer project support
Is the backend endpoint (modal.run) part of your infrastructure or a third-party service?
The endpoint runs Transilience application code on Modal's serverless compute platform. Modal provides a publicly available Data Processing Agreement (DPA).
How often does Transilience assume the IAM role?
The role is assumed only when a compliance scan is initiated, whether scheduled or manual.
Is role assumption logged?
Yes. Every role assumption is logged in two places:
- AWS CloudTrail — full sts:AssumeRoleWithWebIdentity event, source IP, session details, and OIDC claims
- Modal Flow Logs — secondary audit trail within the Transilience platform
For how long is AWS access maintained?
Access is maintained for the duration of the monitoring engagement, as defined in the service agreement.
What is the offboarding process?
Customer data is retained only for the duration of the project engagement and can be deleted upon request at the end of the engagement.
Is a SOC 2 report available for the Transilience AI platform?
Yes. The SOC 2 report is available upon request. Please reach out to security@transilience.ai and we will provide access under NDA.