All posts
June 18, 20264 min read

Configuring autonomous agents access to AWS with non-human identity

Autonomous agents that run without a human in the loop often reach for long‑lived AWS keys, exposing the entire account to accidental misuse or credential leakage. When you rely on non-human identity for these agents, the risk of a stolen secret becomes a direct pathway to the cloud. When a service account or CI job stores a static access key in a repository, any compromise of that secret instantly grants the attacker unrestricted API access. The breach surface expands because the same credenti

Free White Paper

Non-Human Identity Management + Customer Support Access to Production: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Coleman Nye

Autonomous agents that run without a human in the loop often reach for long‑lived AWS keys, exposing the entire account to accidental misuse or credential leakage. When you rely on non-human identity for these agents, the risk of a stolen secret becomes a direct pathway to the cloud.

When a service account or CI job stores a static access key in a repository, any compromise of that secret instantly grants the attacker unrestricted API access. The breach surface expands because the same credential is reused across environments, and there is no way to tell which agent performed which API call.

Beyond the credential problem, teams typically lack a reliable audit trail for machine‑initiated actions. Logs are scattered across CloudTrail, application logs, and ad‑hoc scripts, making it hard to answer who invoked a particular Lambda, launched an EC2 instance, or altered an S3 bucket policy.

Why non-human identity matters for autonomous agents

Non-human identity replaces static secrets with short‑lived, identity‑bound tokens issued by an OIDC or SAML provider. Each token carries the service account’s group membership, enabling fine‑grained, just‑in‑time permissions that can be revoked centrally. The setup phase, creating a federated application, assigning roles, and configuring the agent to request a token, defines who the request is and whether it may start. This is the essential Setup layer.

Using non-human identity eliminates the need to embed long‑lived AWS keys in code or configuration files. It also allows audit platforms to correlate a token’s subject with a specific CI pipeline or bot, satisfying compliance teams that require per‑entity accountability.

The missing enforcement gap

Even with federated tokens, the request still travels directly from the agent to the AWS service endpoint. The gateway that carries the request does not inspect the payload, does not enforce command‑level policies, and does not record the session. Consequently, an agent can still execute any API call that its token permits, without any real‑time approval step, without inline masking of sensitive responses, and without a replayable record of the interaction.

In practice this means that a compromised CI runner could still delete a production S3 bucket or spin up a large fleet of instances before any alarm fires. The organization retains visibility only after the fact, through CloudTrail, which does not provide session‑level replay or the ability to block dangerous operations before they happen.

Continue reading? Get the full guide.

Non-Human Identity Management + Customer Support Access to Production: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Introducing hoop.dev as the data‑path gateway

hoop.dev sits in the Layer 7 data path between the autonomous agent and the AWS API. By proxying every request, hoop.dev becomes the only place where enforcement can happen. It validates the non-human identity token, then applies policy checks before forwarding the call.

hoop.dev records each session, enabling replay of every API request and response. It can mask sensitive fields, such as secret values returned by GetSecretValue, so that downstream logs never expose raw secrets. When a request matches a high‑risk pattern, hoop.dev can pause the call and route it to a human approver, providing just‑in‑time approval without breaking the automation pipeline.

Because hoop.dev holds the AWS credential used to talk to the service, the agent never sees the credential. This satisfies the Enforcement outcomes requirement that “the agent never sees the credential.” All guardrails, audit, masking, approval, and command blocking, exist only because hoop.dev occupies the data path.

Policy flow for an autonomous agent

  1. Agent obtains a short‑lived OIDC token representing a service account.
  2. Agent connects to hoop.dev using the standard AWS SDK or CLI, pointing the endpoint to the hoop.dev gateway.
  3. hoop.dev validates the token against the identity provider, extracts group membership, and maps it to a policy that defines allowed AWS actions.
  4. Before forwarding, hoop.dev evaluates the request against the policy. If the action is allowed, the request proceeds; if it is high‑risk, hoop.dev triggers a just‑in‑time approval workflow.
  5. Responses from AWS flow back through hoop.dev, where any sensitive data is masked and the full request/response pair is logged for replay.

Benefits captured by hoop.dev

  • Session recording: Every API call is stored, enabling forensic replay.
  • Inline masking: Sensitive fields are redacted in real time, preventing secret leakage.
  • Just‑in‑time approval: High‑risk actions require human sign‑off before execution.
  • Command blocking: Disallowed API calls are rejected at the gateway.
  • Credential isolation: The agent never handles the AWS secret key.

Getting started with hoop.dev

To put this architecture into production, start with the getting‑started guide. The guide walks you through deploying the hoop.dev gateway, registering an AWS connection, and configuring OIDC federation for non-human identities. All of the policy definitions and approval workflows are described in the feature overview, where you can see examples of masking rules and just‑in‑time approval pipelines.

Because hoop.dev is open source, you can review the code, contribute improvements, or host the gateway in your own VPC. The full repository is available on GitHub: Explore the source code on GitHub. The repo includes Helm charts, Docker Compose files, and example policies to help you bootstrap the solution quickly.

FAQ

Do I still need IAM roles for the AWS connection?

Yes. hoop.dev uses a dedicated service identity to talk to AWS. The role should have the minimal permissions required for the policies you intend to enforce. Non-human identity controls who may request a token, while the gateway enforces what that token can do.

Can I use existing CI/CD pipelines without code changes?

Absolutely. By pointing the AWS SDK or CLI endpoint to the hoop.dev gateway, the pipeline continues to use the same commands. The only change is the network address, which can be injected via environment variables.

How does hoop.dev handle secret masking for services like Secrets Manager?

When a response contains fields marked as sensitive, hoop.dev redacts those fields before they reach the agent or downstream logs. The masking rules are defined in the policy layer, ensuring consistent protection across all services.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.

Star and save the repo →More posts
Ask AI about this topic
ClaudeChatGPTGrokGeminiPerplexityCopilot