Putting access controls around Claude: session recording for AI coding agents (on AWS)

When an AI coding assistant like Claude runs against production workloads, every generated command becomes a potential change to critical infrastructure. If a generated script inadvertently deletes a database, overwrites a configuration file, or leaks secrets, the damage can be immediate and costly. Without a reliable way to see exactly what the agent asked the cloud to do, teams are left guessing, spending hours reconstructing events from fragmented logs or, worse, discovering the impact only after an outage.

That uncertainty is why session recording is a non‑negotiable control for any organization that lets AI agents interact with AWS resources. A complete, immutable record of each request and response gives engineers forensic evidence, satisfies auditors, and provides a safety net for rapid debugging. It also deters malicious use of an agent because every action is visible and replayable.

Why session recording is essential for Claude agents

Claude can generate code in seconds, but the speed of generation does not guarantee safety. A single mis‑prompt can produce a command that grants broader permissions than intended, or a subtle typo can cause data loss. When the agent talks directly to AWS services, the cloud provider’s native logs capture the request, but they often lack context about who or what originated the call. Without a dedicated session recording layer, you cannot tie a specific Claude invocation to the exact API call, nor can you replay the interaction to see what the agent saw in the response.

Moreover, many compliance frameworks require a traceable audit trail for any privileged operation. Relying solely on AWS CloudTrail leaves a gap: the trail shows that a request happened, but it does not prove that the request was vetted, approved, or generated by an authorized AI process. A dedicated recording mechanism fills that gap by capturing the full conversational flow between the agent and the service.

How hoop.dev provides session recording for Claude

hoop.dev is a Layer 7 gateway that sits between Claude (or any other AI coding agent) and the AWS APIs it needs to reach. The gateway authenticates the agent via OIDC, holds the AWS credentials internally, and inspects every wire‑protocol exchange. While the agent thinks it is speaking directly to the service, hoop.dev records the entire session, masks any sensitive fields in the response, and can enforce just‑in‑time approvals before a command is sent downstream.

Because the recording happens in the data path, the audit trail is provably complete. hoop.dev stores each session in a protected log that can be replayed on demand, giving you a literal video of what Claude asked AWS to do and what AWS replied. The gateway never hands the AWS credential to Claude; Claude presents only its OIDC token, and the secret stays inside hoop.dev's network‑resident agent.

High‑level architecture

  • Deploy the hoop.dev gateway inside the same VPC or subnet where your AWS resources live. A quick‑start Docker Compose file can spin up the service locally; Kubernetes manifests are also provided for production deployments.
  • Register each AWS target (for example, an S3 bucket, an EC2 instance, or an RDS database) as a connection in hoop.dev. The gateway stores the IAM role or static key needed to reach the target.
  • Configure an OIDC identity provider (Okta, Azure AD, Google Workspace, etc.) that issues tokens to Claude. hoop.dev validates those tokens and maps group membership to access policies.
  • Enable the session recording feature for the connection. From that point forward, every request and response passing through hoop.dev is logged, masked as needed, and available for replay.

With this layout, Claude sends its generated commands to the standard AWS endpoint (for example, using the AWS CLI or SDK). The traffic is intercepted by hoop.dev, which records the session, applies any masking rules, and forwards the request to AWS using the stored credential. The response follows the same path back to Claude, giving the agent the data it expects while the gateway retains a full audit record.

Implementing session recording for Claude on AWS

While the exact steps are covered in the documentation, the overall flow is straightforward:

  1. Set up an OIDC provider that Claude can use to obtain short‑lived tokens.
  2. Deploy the hoop.dev gateway using the quick‑start guide. The guide walks you through Docker Compose and shows how to point the gateway at your VPC.
  3. Define a connection for each AWS service Claude needs to access. Assign the minimal IAM role that satisfies the workload.
  4. Turn on session recording for those connections in the portal. Optionally configure inline masking for fields like access keys or passwords that might appear in responses.
  5. Give Claude the OIDC token and let it invoke AWS operations through the standard client libraries. hoop.dev will record every interaction automatically.

All of the policy decisions (who can call what, when a request needs human approval, which fields to mask) are expressed in hoop.dev’s configuration, not in Claude’s code. This separation keeps the AI model simple while ensuring that the enforcement point is always the gateway.
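To make the inline masking in step 4 concrete, here is an added sketch (not hoop.dev's code or configuration format) of masking a response before it reaches the agent or the session log. The key list, the `[MASKED]` marker and the function names are assumptions; the sample response is constructed from AWS's documented example credentials.

```python
import json
import re

# Assumed masking policy (hypothetical, not hoop.dev's configuration format).
SENSITIVE_KEYS = {"secretaccesskey", "sessiontoken", "password", "masteruserpassword"}
# AWS access key IDs: AKIA/ASIA prefix followed by 16 upper-case alphanumerics.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
MASK = "[MASKED]"


def mask_value(value):
    """Recursively mask a decoded JSON value by key name and by pattern."""
    if isinstance(value, dict):
        return {
            k: MASK if k.lower() in SENSITIVE_KEYS else mask_value(v)
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [mask_value(v) for v in value]
    if isinstance(value, str):
        # Catches key IDs embedded in free text such as tags or error messages.
        return ACCESS_KEY_ID.sub(MASK, value)
    return value


def mask_response(body: str) -> str:
    """Mask a response body; fall back to pattern masking if it is not JSON."""
    try:
        return json.dumps(mask_value(json.loads(body)), sort_keys=True)
    except json.JSONDecodeError:
        return ACCESS_KEY_ID.sub(MASK, body)


# Constructed sample response using AWS's documented example key values.
SAMPLE = json.dumps({
    "AccessKey": {
        "UserName": "ci-bot",
        "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    },
    "Tags": [{"Key": "note", "Value": "rotated from AKIAI44QH8DHBEXAMPLE"}],
})

if __name__ == "__main__":
    print(mask_response(SAMPLE))
```

Key-name matching alone misses secrets that appear inside free-text values, which is why the pattern pass runs on every string.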

Benefits of a gateway‑based recording approach

  • Forensic clarity: Replay a session to see exactly what Claude asked AWS and what response it received.
  • Compliance readiness: Provide auditors with a complete, immutable log that ties each privileged call to an identity.
  • Risk reduction: Block dangerous commands or require manual approval before they reach AWS.
  • Secret protection: Mask sensitive data in responses so it never reaches the AI model or downstream logs.

Because hoop.dev operates at Layer 7, it can understand the semantics of each protocol, whether it’s an HTTP API call to AWS, a SQL query, or an SSH command, allowing fine‑grained controls that generic network firewalls cannot provide.

The logs are stored in a protected store managed by hoop.dev, providing an auditable trail that cannot be altered without detection.
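One common way to get "cannot be altered without detection" is a hash chain whose latest hash is kept outside the log. The following is an added illustration of that general technique, not a description of how hoop.dev stores sessions; the record fields and function names are assumptions and the entries are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed "previous hash" for the first record


def digest(prev_hash: str, entry: dict) -> str:
    """Hash the previous record's hash together with this entry's canonical JSON."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append(log: list, entry: dict) -> str:
    """Append an entry and return the new head hash (store it outside the log)."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"entry": entry, "prev": prev, "hash": digest(prev, entry)})
    return log[-1]["hash"]


def verify(log: list, trusted_head: str):
    """Return None if intact, the index of the first broken record, or
    len(log) if the chain is self-consistent but does not end at trusted_head
    (truncation, or a rewrite that recomputed every hash)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != digest(prev, rec["entry"]):
            return i
        prev = rec["hash"]
    return None if prev == trusted_head else len(log)


def build_sample_log():
    """Constructed session records; field names are illustrative."""
    log, head = [], GENESIS
    for entry in (
        {"seq": 1, "identity": "claude-agent", "service": "s3", "operation": "ListBuckets"},
        {"seq": 2, "identity": "claude-agent", "service": "rds", "operation": "DescribeDBInstances"},
        {"seq": 3, "identity": "claude-agent", "service": "s3", "operation": "DeleteObject"},
    ):
        head = append(log, entry)
    return log, head


if __name__ == "__main__":
    log, head = build_sample_log()
    log[2]["entry"]["operation"] = "GetObject"  # in-place edit of a stored record
    print("first broken record:", verify(log, head))  # index 2
```

The chain by itself only catches in-place edits; comparing against a head hash held in a separate system is what exposes truncation and a full recomputation of the chain.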

Getting started

To try this out, follow the getting‑started guide for a full walkthrough of deployment, connection registration, and enabling session recording. The documentation also explains how to hook your OIDC provider and define least‑privilege IAM roles. For deeper insight into the feature set, explore the learn section of the site.

The source code and all deployment manifests are available in the public repository: github.com/hoophq/hoop. Feel free to clone, inspect, and contribute.

FAQ

Does session recording add latency to API calls?

hoop.dev records traffic inline, but the overhead is minimal because it streams the data to its log store while forwarding the request. Most users see sub‑second latency.

Can I replay a session without exposing secrets?

Yes. hoop.dev can mask sensitive fields during replay, ensuring that only authorized personnel see the original values.

Open source

Save the open-source gateway for agent data access

Hoop is MIT-licensed infrastructure for controlling how AI agents reach production data. Star hoophq/hoop so you can inspect it, deploy it, or share it when your team starts governing agent access.
