Securing Your Claude Agent Stack
From shared credentials and no audit trail to a hardened, compliant agent fleet
Chapter 1: Audit Your Current State
Answer these honestly:
- Does each agent use its own API key and AWS credentials, rather than a shared set?
- Can you tell which agent used which credential, and when?
- Is each agent's access scoped to what it actually does, rather than every agent having the same level of access?
- Can you reconstruct what each agent did last week?
- Are any operations gated on human approval?
If most answers are "no," you're in the common starting position, and one incident away from a bad day.
Chapter 2: Implement Least-Privilege RBAC
Step 1: Map agents to their actual needs
| Agent | Needs | Does NOT Need |
|---|---|---|
| code-reviewer | Repos (read), PR comments (write) | Push, merge, deploy, databases |
| ci-runner | Repos (read), ECR (push), ECS staging | Production, IAM, databases |
| support-bot | Tickets (read/write), CRM (read) | Code repos, infrastructure |
Step 2: Write per-agent policies
# code-reviewer — read and comment only
policies:
  - git:read on repos/*
  - git:comment on repos/*/pull-requests/*

# ci-runner — staging free, production gated
policies:
  - git:read on repos/*
  - git:push on repos/*/branches/feature/*
  - aws:ecs:UpdateService on arn:aws:ecs:*:*:service/staging-*
  - aws:ecs:UpdateService on arn:aws:ecs:*:*:service/prod-*
    requires_approval: true
Step 3: Test — have each agent attempt an action outside its permissions. Verify it’s denied and logged.
Chapter 3: Set Up Audit Logging
Sentrely logs everything automatically. Make it useful:
Configure retention based on your requirements. SOC 2 auditors typically expect log evidence covering the full 12-month audit period; HIPAA's documentation retention rule (45 CFR 164.316(b)(2)) is six years.
Export to your SIEM. Only the export pipeline should be able to write to the destination bucket; no agent credential should be able to write to or delete from it, or the trail you rely on after an incident is tamperable:
audit:
  export:
    destination: s3://your-audit-bucket/
    format: json
    frequency: hourly
Set up alerts for:
- Permission denied events (agent trying to exceed bounds)
- 10x normal request volume (possible runaway loop)
- Off-hours activity
- New resource access patterns
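The four alert rules above, run over a constructed set of audit-log lines, as an added example. This is not Sentrely's export format or its alerting engine: the JSON record shape (`ts`, `agent`, `action`, `resource`, `effect`), the per-agent baselines, the known-resource prefixes and the business-hours window are all assumptions made for the example.

```python
"""Alert rules from Chapter 3 run over constructed audit-log lines.

Added example, not Sentrely's export format or alerting. The record shape
(ts, agent, action, resource, effect) and every threshold are assumptions.
"""
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed baseline: typical requests per hour per agent (in practice, from history).
BASELINE_PER_HOUR = {"code-reviewer": 20, "ci-runner": 5, "support-bot": 40}
# Constructed list of resource prefixes each agent has touched before.
KNOWN_PREFIXES = {
    "code-reviewer": ("repos/api",),
    "ci-runner": ("repos/api", "arn:aws:ecs:"),
    "support-bot": ("tickets/", "crm/"),
}
BUSINESS_HOURS_UTC = (8, 18)  # [start, end) hour; weekends are off-hours


def _rec(ts, agent, action, resource, effect="allow"):
    return json.dumps({"ts": ts.isoformat(), "agent": agent, "action": action,
                       "resource": resource, "effect": effect})


T0 = datetime(2025, 3, 3, tzinfo=timezone.utc)  # a Monday
SAMPLE_LOG = [
    _rec(T0 + timedelta(hours=10, minutes=15), "code-reviewer", "git:read", "repos/api"),
    _rec(T0 + timedelta(hours=10, minutes=16), "code-reviewer", "git:push",
         "repos/api/branches/main", effect="deny"),                          # permission denied
    _rec(T0 + timedelta(hours=3, minutes=5), "support-bot", "crm:read",
         "crm/accounts/17"),                                                  # off-hours
    _rec(T0 + timedelta(hours=11), "ci-runner", "git:read", "repos/payments"),  # never seen before
] + [  # 60 reads in one minute from ci-runner against a 5/hour baseline: runaway loop
    _rec(T0 + timedelta(hours=12, seconds=i), "ci-runner", "git:read", "repos/api")
    for i in range(60)
]


def analyze(lines, baseline=BASELINE_PER_HOUR, known=KNOWN_PREFIXES,
            hours=BUSINESS_HOURS_UTC, spike_factor=10):
    """Return one alert dict per finding; each alert carries a 'type' and 'agent'."""
    alerts, per_hour, seen_new, spiked = [], Counter(), set(), set()
    for line in lines:
        e = json.loads(line)
        ts = datetime.fromisoformat(e["ts"])
        agent, resource = e["agent"], e["resource"]

        # 1. Permission denied: the agent tried to step outside its policy.
        if e["effect"] == "deny":
            alerts.append({"type": "permission_denied", "agent": agent,
                           "detail": f"{e['action']} on {resource}"})

        # 2. Off-hours: weekend, or outside the business-hours window.
        if ts.weekday() >= 5 or not (hours[0] <= ts.hour < hours[1]):
            alerts.append({"type": "off_hours", "agent": agent, "detail": e["ts"]})

        # 3. New resource access: an allowed access to something never touched before.
        if (e["effect"] == "allow" and not resource.startswith(known.get(agent, ()))
                and (agent, resource) not in seen_new):
            seen_new.add((agent, resource))
            alerts.append({"type": "new_resource", "agent": agent, "detail": resource})

        # 4. Volume spike: requests in the current hour reach 10x the baseline.
        bucket = (agent, ts.replace(minute=0, second=0, microsecond=0))
        per_hour[bucket] += 1
        if per_hour[bucket] >= spike_factor * baseline.get(agent, 1) and bucket not in spiked:
            spiked.add(bucket)  # alert once per agent-hour, not once per extra request
            alerts.append({"type": "volume_spike", "agent": agent,
                           "detail": f"{per_hour[bucket]} requests in hour "
                                     f"starting {bucket[1].isoformat()}"})
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"{a['type']:18} {a['agent']:14} {a['detail']}")
```

The volume-spike rule fires once per agent-hour and the new-resource rule once per agent-resource pair, so a runaway loop produces one page rather than fifty; denied events are deliberately excluded from the new-resource rule because they already raise their own alert.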
Chapter 4: Configure Approval Gates
Always gate: production deploys, database migrations, customer data modification, financial transactions, IAM changes, secret rotation.
Usually safe to automate: code review comments, test execution, staging deploys, internal notifications, documentation generation.
- aws:ecs:UpdateService on arn:aws:ecs:*:*:service/prod-*
  requires_approval: true
  approval_channel: slack:#deploy-approvals
  approval_timeout: 60m
Make sure a timed-out request fails closed: a timeout should be recorded as a denial, never treated as an implicit approval.
Chapter 5: Set Token Budgets and Alerts
budget:
  max_tokens_per_session: 100000   # ~$0.30-1.50 depending on model
  max_sessions_per_day: 50
  alert_at: 80%
project_budget:
  monthly_limit: $500
  alert_thresholds: [50%, 75%, 90%]
  on_exceed: pause_and_alert
Rate limiting catches runaway loops before they drain budget:
rate_limits:
  max_requests_per_minute: 30
  on_exceed: throttle_and_alert
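What the two configs above amount to at enforcement time, as an added example rather than Sentrely's own code. The semantics are assumptions drawn from the setting names: `alert_at` fires once when the threshold is crossed, `pause_and_alert` rejects the request that would overrun the budget and every request after it, and `throttle_and_alert` refuses requests beyond the per-minute limit over a sliding 60-second window.

```python
"""Token budget with a threshold alert, plus a sliding-window rate limiter.

Added example implementing the behaviour the Chapter 5 config implies; it is
not Sentrely's enforcement code. Assumed semantics: alert_at fires once when
crossed, pause_and_alert rejects the overrunning request and all later ones,
throttle_and_alert refuses requests beyond max_requests_per_minute.
"""
from collections import deque


class SessionBudget:
    def __init__(self, max_tokens=100_000, alert_at=0.8):
        self.max_tokens, self.alert_at = max_tokens, alert_at
        self.used, self.alerted, self.paused, self.events = 0, False, False, []

    def consume(self, tokens: int) -> str:
        """Account for one request. Returns 'ok', 'alert' or 'pause'."""
        if self.paused or self.used + tokens > self.max_tokens:
            self.paused = True                      # on_exceed: pause_and_alert
            self.events.append(("pause", self.used))
            return "pause"                          # request is rejected, not counted
        self.used += tokens
        if not self.alerted and self.used >= self.alert_at * self.max_tokens:
            self.alerted = True                     # alert_at: 80%, fires once
            self.events.append(("alert", self.used))
            return "alert"
        return "ok"


class RateLimiter:
    """max_requests_per_minute enforced over a sliding 60 s window."""

    def __init__(self, max_per_minute=30, window_s=60.0):
        self.max, self.window = max_per_minute, window_s
        self.hits, self.alerted = deque(), False

    def check(self, now: float) -> str:
        """Returns 'allow' or 'throttle' for a request arriving at time `now` (seconds)."""
        while self.hits and now - self.hits[0] >= self.window:
            self.hits.popleft()                     # forget hits outside the window
        if len(self.hits) >= self.max:
            self.alerted = True                     # throttle_and_alert: first throttle alerts
            return "throttle"
        self.hits.append(now)
        return "allow"


def simulate_runaway_loop(requests=45, interval_s=1.0, max_per_minute=30):
    """An agent stuck in a loop firing every `interval_s`: returns (allowed, throttled)."""
    limiter = RateLimiter(max_per_minute=max_per_minute)
    results = [limiter.check(i * interval_s) for i in range(requests)]
    return results.count("allow"), results.count("throttle")


if __name__ == "__main__":
    b = SessionBudget()
    for n in (70_000, 15_000, 10_000, 10_000):
        print(f"consume {n:>6}: {b.consume(n)} (used {b.used})")
    print("runaway loop, 45 requests at 1/s:", simulate_runaway_loop())
```

The budget rejects the request that would cross the limit rather than letting it through and pausing afterwards; a runaway loop that has already overrun by one request is the case the control exists for.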
Chapter 6: Test Your Policies
Run these prompts against each agent to verify controls:
- Ask for an action outside its policy → should be denied
- Ask for an action requiring approval → approval request should appear in Slack
- Run a session approaching the token limit → alert should fire
- Ask to access a different project’s resources → should be denied
Document results. Run monthly or after any policy change.
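The Chapter 2 Step 3 check, the Chapter 4 approval gate and the Chapter 6 test matrix exercised against a deny-by-default evaluator, as an added example. This is not Sentrely's policy engine: the `<action> on <resource>` rule text is the page's, but the evaluation semantics (no matching rule means deny, the resource part is an `fnmatch`-style glob, `requires_approval` on a matching rule yields a pending decision instead of an allow) and the support-bot action names are assumptions made for the example.

```python
"""Deny-by-default policy evaluator plus the Chapter 6 test matrix.

Added example, not Sentrely's engine. The "<action> on <resource>" rule text
is taken from the page; the semantics here are assumptions:
  - no matching rule means deny
  - the resource part is a glob (fnmatch style; '*' also crosses '/')
  - requires_approval on a matching rule yields "requires_approval", not "allow"
"""
from __future__ import annotations
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    action: str
    resource: str  # glob pattern, e.g. "repos/*/pull-requests/*"
    requires_approval: bool = False
    approval_channel: str | None = None


def rule(text: str, **opts) -> Rule:
    """Parse one policy line of the form '<action> on <resource>'."""
    action, sep, resource = text.partition(" on ")
    if not sep or not action.strip() or not resource.strip():
        raise ValueError(f"malformed rule: {text!r}")
    return Rule(action.strip(), resource.strip(), **opts)


# The three agents from the Chapter 2 table.
POLICIES: dict[str, list[Rule]] = {
    "code-reviewer": [
        rule("git:read on repos/*"),
        rule("git:comment on repos/*/pull-requests/*"),
    ],
    "ci-runner": [
        rule("git:read on repos/*"),
        rule("git:push on repos/*/branches/feature/*"),
        rule("aws:ecs:UpdateService on arn:aws:ecs:*:*:service/staging-*"),
        rule("aws:ecs:UpdateService on arn:aws:ecs:*:*:service/prod-*",
             requires_approval=True, approval_channel="slack:#deploy-approvals"),
    ],
    "support-bot": [  # assumed action names; the page only lists needs, not rules
        rule("tickets:read on tickets/*"),
        rule("tickets:write on tickets/*"),
        rule("crm:read on crm/*"),
    ],
}

AUDIT: list[dict] = []  # every decision is recorded, allowed or not


def evaluate(policies, agent, action, resource) -> str:
    """Return 'allow', 'requires_approval' or 'deny' and append an audit record."""
    effect = "deny"
    for r in policies.get(agent, ()):  # unknown agent: no rules, so deny
        if r.action == action and fnmatchcase(resource, r.resource):
            effect = "requires_approval" if r.requires_approval else "allow"
            break
    AUDIT.append({"agent": agent, "action": action, "resource": resource, "effect": effect})
    return effect


# Chapter 6 test matrix: (agent, action, resource, expected effect).
MATRIX = [
    ("code-reviewer", "git:comment", "repos/api/pull-requests/42", "allow"),
    ("code-reviewer", "git:push", "repos/api/branches/main", "deny"),
    ("ci-runner", "git:push", "repos/api/branches/feature/login", "allow"),
    ("ci-runner", "git:push", "repos/api/branches/main", "deny"),
    ("ci-runner", "aws:ecs:UpdateService",
     "arn:aws:ecs:us-east-1:123456789012:service/staging-api", "allow"),
    ("ci-runner", "aws:ecs:UpdateService",
     "arn:aws:ecs:us-east-1:123456789012:service/prod-api", "requires_approval"),
    ("ci-runner", "aws:iam:CreateUser", "arn:aws:iam::123456789012:user/bot", "deny"),
    ("support-bot", "git:read", "repos/api", "deny"),  # another project's resources
    ("unknown-agent", "git:read", "repos/api", "deny"),
]


def run_matrix(policies=POLICIES, matrix=MATRIX) -> list[tuple]:
    """Run every case; return (case, expected, actual, passed) rows."""
    rows = []
    for agent, action, resource, expected in matrix:
        actual = evaluate(policies, agent, action, resource)
        rows.append(((agent, action, resource), expected, actual, actual == expected))
    return rows


if __name__ == "__main__":
    for case, expected, actual, ok in run_matrix():
        print("PASS" if ok else "FAIL", case, "->", actual)
    print(f"{len(AUDIT)} decisions written to the audit trail")
```

Note that a glob `*` crosses `/`, so `git:read on repos/*` also covers `repos/api/branches/main`, which is what the page intends for reads; for write rules that same property is why the matrix includes a negative case (`git:push` to `branches/main`) rather than only checking that the feature-branch push succeeds. Keep the matrix under version control next to the policies and rerun it on every policy change, as Chapter 6 says.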
Chapter 7: Ongoing Security Hygiene
Weekly: Review denied requests and unusual patterns.
Monthly: Audit agent permissions, remove access no longer needed.
Quarterly: Rotate credentials, review approval gate effectiveness.
On incident: Use the audit trail to trace the issue, identify the policy gap, update controls.
Put this playbook into practice
Sentrely is the managed control plane this playbook is built around. Get early access and deploy in minutes.