IAM & least privilege
Cloudflare console access, API tokens, and deployment credentials.
Internal operational discipline, not an audited SOC report.
Practices
- Monthly access reviews: Reconcile Cloudflare members, token scopes, and stale integrations.
- Scoped tokens: Prefer minimal permissions for CI/CD and Wrangler.
- Break-glass: Rare-use emergency accounts documented offline with post-use rotation.
Checklist: docs/compliance/IAM-REVIEW-CHECKLIST.md