Docs / Integrations / Adapters

AWS Adapter

Normalize infra mutation intents (IAM, ASG, network, terraform request) before execution.

Back to Directory Integration Hub Policy Guides API Reference

What it does

Normalize infra mutation intents (IAM, ASG, network, terraform request) before execution.

How it works

1. Validate intent

Adapter checks structure only (required fields, types, unknown fields). It does not run policy logic.

2. Normalize action

Intent is mapped to a generic NormalizedAction with action type INFRA_CHANGE.

3. Evaluate policy

Governor evaluates centrally with fail-closed semantics. Any uncertainty returns deny.

4. Build plan + execute

Execution plan is descriptive. Default path is dry-run and returns planned external calls.

5. Emit evidence

Decision output includes deterministic evidence packet and stable evidence hash.

Why this is useful

Removes adapter-specific policy drift by centralizing decisions.

Creates one audit and evidence model across all integrations.

Supports safe rollout with dry-run first and explicit approval paths.

Improves incident response because every decision has a deterministic hash.

Use it for

Cloud infra change control with deterministic approvals and evidence

Tier: Tier 1 · Critical Infra

Adapter ID: aws

Action family: INFRA_CHANGE

Example intent

{
  "action": "scale_asg",
  "account_id": "123456789012",
  "region": "us-east-1",
  "asg_name": "checkout-prod",
  "desired_capacity": 6,
  "requested_by": "platform-bot"
}

Where to monitor

Integration Runtime View

Adapter health, evaluation outcomes, and dry-run execution traces.

Incidents + Deny Analysis

Investigate denied actions and policy matches with evidence references.

Evidence Docs

Validate evidence hashes and export packets for audits.

Policy Docs

Define allowlists, thresholds, manual gates, and environment controls.