Security
Wut.Dev is a read-only, privacy-focused, client-side resource explorer and debugging tool for viewing your AWS resources. There are no ads or third-party hosted libraries or trackers. The AWS JavaScript SDK is used to make API calls directly to AWS from your browser. Wut.Dev does not proxy AWS calls; you can verify this by opening your browser’s network panel and monitoring the network requests made to AWS.
Note: In lieu of third party analytics, Wut.Dev maintains its own opt-in (disabled by default) lightweight endpoint to collect anonymous usage stats that help us improve the service. See: Usage Stats below for more details.
Summary
We collect as little information as possible to provide this service and have engineered it to work entirely within your browser, without any server-side components or dependencies that would require us to store or process your data.
Credential Management
When you enter your AWS credentials (access key, secret, and session token) on wut.dev, they are cached in your browser’s local storage so that they persist after a page refresh. Credentials are never sent elsewhere, and are used solely by the AWS SDK to sign API calls made to AWS endpoints.
AWS Permissions
Wut.Dev uses the identity of the credentials you enter, meaning it has whatever AWS permissions belong to that IAM entity. Picture it as the AWS CLI, just in your browser.
For Organization-related features, the IAM entity you create for wut.dev must have access to the following AWS APIs in your Organization management account. We recommend using organizations:list*
and organizations:describe*
.
organizations:listAccountsForParent
organizations:listTagsForResource
organizations:listOrganizationalUnitsForParent
organizations:listRoots
organizations:listPolicies
organizations:listTargetsForPolicy
organizations:describeOrganization
organizations:describePolicy
Additionally, to debug IAM access issues, Wut.Dev uses the following API calls:
organizations.listParents
organizations.describeAccount
iam.listAccountAliases
organizations.listPoliciesForTarget
iam.getRole
iam.getUser
iam.listAttachedUserPolicies
iam.getPolicy
iam.getPolicyVersion
iam.simulatePrincipalPolicy
cloudtrail.lookupEvents
To assume the Wut.Dev role in member accounts, the management account role must also be given sts:Assume
role permission on the resource arn:aws:iam::*:role/WutDotDevAccessRole
.
Web Dependencies
Several dependencies are used on Wut.Dev:
- Tabler + Bootstrap - Open-source UI kit
- AWS SDK - AWS API JavaScript client
- Vis.js - For resource node diagrams
- Tom Select - A library to make the select drop-down boxes searchable
- Ag-Grid - A library to display nice looking tables
- JQuery - Makes the JS go brrr
These dependencies are minified and served from wut.dev’s domain. There are no third-party hosted dependencies.
Usage Stats
Wut.Dev maintains a lightweight stats service, designed to help us improve the service by determining the pages and features with the highest usage. You can see the stats script, in its entirety, here.
This script collects the following information:
- The page path (e.g.,
/
or/aws
) but not any parameters or query strings - The AWS service namespace (e.g.,
acm
certificates
) - Count of resources (e.g.,
120
) - Whether “Demo Mode” is enabled (e.g.,
true
) - Time on page (e.g.,
4000ms
) - The license key, if entered
- The timestamp and a UUID for session correlation
We do not collect any data about your cloud resource configurations, notes that you’ve saved on Wut.Dev, exported data, or any cloud resource identifiers or account IDs.
While we’d appreciate you enabling stats, and use it to make site improvements, usage stats are disabled by default. You can enable them by clicking “Config” in the site footer and scrolling down to “Usage Stats” and toggling to enable.
Privacy
When you access wut.dev, your IP address and user agent may be logged by our CDN (AWS CloudFront). If usage stats are enabled (see above) we also log the information specified.
If you choose to enter your email address to receive updates, this information is recorded by Google Forms. We do not sell, rent, lease, or otherwise reveal your information to any other parties unless required by law.
Legal
Wut.Dev is not affiliated with, endorsed by, or in any way associated with AWS. AWS is a registered trademark of Amazon.com, Inc. Your use of Wut.Dev is your responsibility. We are not responsible for any damages or losses that may occur as a result of using this site. By using this site, you agree to indemnify and hold harmless the site owner and its affiliates from any claims, damages, or losses that may occur as a result of using this site.