All posts
June 18, 20264 min read

Configuring AI coding agents access to AWS with OIDC/SSO

An AI‑driven code‑completion service was granted a static AWS key and began provisioning resources without any oidc/sso oversight. The key was stored in a CI pipeline, duplicated across several job definitions, and never rotated. When the service mis‑interpreted a comment, it launched a large number of EC2 instances that quickly exhausted the account’s quota. The incident highlighted three systemic gaps: the agent operated with a long‑lived credential, there was no real‑time verification of who

Free White Paper

AI Model Access Control + Customer Support Access to Production: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

An AI‑driven code‑completion service was granted a static AWS key and began provisioning resources without any oidc/sso oversight. The key was stored in a CI pipeline, duplicated across several job definitions, and never rotated. When the service mis‑interpreted a comment, it launched a large number of EC2 instances that quickly exhausted the account’s quota. The incident highlighted three systemic gaps: the agent operated with a long‑lived credential, there was no real‑time verification of who or what was requesting access, and every operation disappeared into the AWS audit logs without a clear link to the originating AI workflow.

Modern development pipelines increasingly rely on generative agents to write, test, and even deploy code. Those agents need to talk to cloud APIs, but treating them like ordinary users creates a dangerous blend of automation and privilege. The industry answer is to replace static secrets with identity‑based, short‑lived tokens issued through OIDC/SSO flows. By tying each request to a federated identity, a system can enforce least‑privilege policies, require just‑in‑time approval, and produce an audit trail that maps every action back to a concrete identity.

However, simply configuring an OIDC identity provider for the AI service does not close the loop. The service still contacts AWS directly, using the token it received. Without a control point on the data path, the token can be reused, the request can bypass policy checks, and no one can intervene if a command looks suspicious. What is missing is a gateway that sits between the federated identity and the AWS control plane, where every request can be inspected, approved, or blocked before it reaches the target.

Why oidc/sso matters for AI coding agents

OIDC/SSO introduces two essential guarantees. First, the credential is short‑lived and scoped to the exact set of actions the agent is allowed to perform. Second, the token is tied to a federated identity that can be audited by the organization’s identity provider. For AI agents, this means the system can revoke access the moment a model is updated or a policy changes, without having to rotate static keys across dozens of pipelines.

The missing enforcement layer

Even with OIDC, the request travels straight to AWS. At that point the cloud provider sees only a valid token and the AWS service permissions attached to it. There is no place to inject additional guardrails such as command‑level approval, real‑time masking of sensitive response fields, or session recording that captures the exact query the AI issued. Those controls belong to a data‑path component that can observe the full protocol exchange.

hoop.dev as the data‑path gateway

hoop.dev is built to occupy that exact spot. It acts as an identity‑aware proxy that terminates the OIDC flow, validates the token against the organization’s IdP, and then forwards the request to AWS only after applying policy checks. Because hoop.dev sits in the data path, it alone can enforce just‑in‑time approvals, block dangerous commands, mask sensitive values in responses, and record every session for replay. The enforcement outcomes exist only because hoop.dev is the gateway; removing it would return the architecture to the insecure direct‑connect model described earlier.

How the architecture works

1. The AI coding agent authenticates to the corporate IdP using OIDC. The IdP issues a JWT that carries the agent’s group membership and any custom claims required for policy evaluation.

2. The agent presents the token to hoop.dev instead of contacting AWS directly. hoop.dev validates the token, extracts the identity information, and checks it against the organization’s access policies.

Continue reading? Get the full guide.

AI Model Access Control + Customer Support Access to Production: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

3. If the request matches a policy that requires approval, hoop.dev triggers a workflow that routes the request to a human approver. The request is held until the approver grants or denies access.

4. Once approved, hoop.dev forwards the request to the AWS endpoint using a credential that it alone manages. The credential is never exposed to the AI agent, eliminating the risk of credential leakage.

5. During the exchange, hoop.dev can mask fields such as access keys or personal data that appear in AWS responses, ensuring that downstream logs do not contain raw secrets.

6. hoop.dev records each request and response, making the sessions available for replay and audit.

All of these steps happen without requiring any changes to the AI agent’s code. The agent continues to use its standard AWS SDK or CLI, but the traffic is routed through hoop.dev’s network‑resident agent that sits close to the target resource.

Benefits delivered by hoop.dev

  • hoop.dev records each session, giving teams a complete replayable audit trail that ties every AWS operation back to the originating OIDC identity.
  • hoop.dev masks sensitive fields in AWS responses, preventing accidental exposure of secrets in downstream logs.
  • hoop.dev enforces just‑in‑time approval for high‑risk actions, reducing the blast radius of a misbehaving AI model.
  • hoop.dev blocks commands that violate policy before they reach AWS, acting as a last line of defense against runaway automation.
  • Because hoop.dev holds the cloud credential, the AI agent never sees the secret, eliminating credential sprawl.

To get started, follow the getting‑started guide that walks through deploying the gateway, configuring OIDC integration, and registering an AWS connection. The full feature set is described in the learn section, where you can explore approval workflows, masking policies, and session replay.

For those who want to inspect the source code, contribute, or run the gateway in a custom environment, the project is open source on GitHub. Visit the repository to clone the code, read the architecture overview, and see how the OIDC/SSO integration is implemented.

FAQ

Is hoop.dev compatible with any OIDC provider?

Yes. hoop.dev works with any OIDC‑compliant identity provider, including Okta, Azure AD, Google Workspace, and others. The gateway simply validates the JWT and extracts the claims needed for policy decisions.

Can I use hoop.dev with existing CI pipelines?

Absolutely. CI jobs can request an OIDC token from the pipeline’s identity service, then send their AWS calls through hoop.dev. The gateway enforces the same approval and masking policies as interactive users.

What happens if an AI model tries to execute a disallowed command?

hoop.dev intercepts the request, evaluates it against the policy, and blocks it before it reaches AWS. The block event is recorded, and an optional alert can be sent to the security team.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot