This document discusses automating a "break-glass" solution for granting temporary emergency access to critical AWS resources. The solution uses AWS Identity and Access Management (IAM), Amazon Simple Notification Service (SNS), AWS Lambda, AWS Systems Manager, and AWS Service Catalog to provision temporary access. When a request is approved, the helpdesk agent gains one-time access to provision the required resources through a service catalog. The solution ensures access is removed at the end of the approved duration and auditing of all actions is performed.
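To make the time-box and revocation concrete, the following Python example builds the kind of temporary grant such a solution would hand to the helpdesk agent: an IAM policy document scoped to the approved actions and resources, valid only until the approved duration ends (via an `aws:CurrentTime` condition, so the grant stops working even if the scheduled cleanup runs late), plus the revocation check and the audit record. This is an added example, not code from the original page or from the described solution; the request field names, the sample ticket, account id, and instance id are constructed placeholders, and the boto3 calls that would attach and detach the policy are left out so it runs offline.

```python
"""Time-boxed break-glass grant: build a least-privilege IAM policy that is only
valid until the approved duration ends, decide when to revoke it, and emit an
audit record.  Added example; the request schema below is an assumption."""
import json
from datetime import datetime, timedelta, timezone

ISO = "%Y-%m-%dT%H:%M:%SZ"   # IAM's expected aws:CurrentTime format (UTC)

# Constructed sample of an approved break-glass request (placeholder values).
SAMPLE_REQUEST = {
    "ticket_id": "BG-0001",
    "agent": "helpdesk-agent-1",
    "actions": ["ec2:RebootInstances", "ec2:DescribeInstances"],
    "resources": ["arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"],
    "duration_minutes": 60,
}

MAX_DURATION_MINUTES = 240   # assumed policy ceiling for an emergency grant


def _parse(ts):
    return datetime.strptime(ts, ISO).replace(tzinfo=timezone.utc)


def validate_request(request):
    """Return a list of problems; an empty list means the request may be approved.
    Rejects wildcard actions/resources and over-long durations so a break-glass
    grant cannot silently become standing admin access."""
    problems = []
    if not request.get("actions") or any("*" in a for a in request["actions"]):
        problems.append("actions must be explicit, no wildcards")
    if not request.get("resources") or any(r == "*" for r in request["resources"]):
        problems.append("resources must be explicit ARNs, not '*'")
    if not 0 < request.get("duration_minutes", 0) <= MAX_DURATION_MINUTES:
        problems.append("duration must be between 1 and %d minutes" % MAX_DURATION_MINUTES)
    return problems


def approve(request, approved_at):
    """Build the temporary policy.  Returns (policy_dict, expires_at_iso).
    The DateLessThan condition makes the policy self-expiring."""
    problems = validate_request(request)
    if problems:
        raise ValueError("; ".join(problems))
    expires_at = _parse(approved_at) + timedelta(minutes=request["duration_minutes"])
    expires_str = expires_at.strftime(ISO)
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            # Sid must be alphanumeric, so strip the dash from the ticket id.
            "Sid": "BreakGlass" + request["ticket_id"].replace("-", ""),
            "Effect": "Allow",
            "Action": request["actions"],
            "Resource": request["resources"],
            "Condition": {"DateLessThan": {"aws:CurrentTime": expires_str}},
        }],
    }
    return policy, expires_str


def is_expired(expires_at, now):
    """True once the grant's end time has been reached."""
    return _parse(now) >= _parse(expires_at)


def grants_to_revoke(grants, now):
    """Given active grants [{"ticket_id": ..., "expires_at": ...}], return the
    ticket ids whose policies a scheduled cleanup job should detach now."""
    return [g["ticket_id"] for g in grants if is_expired(g["expires_at"], now)]


def audit_event(action, request, actor, at):
    """Structured record for every grant/revoke so the whole lifecycle is traceable."""
    return {
        "at": at,
        "action": action,          # e.g. "grant" or "revoke"
        "ticket_id": request["ticket_id"],
        "actor": actor,
        "agent": request["agent"],
        "actions": list(request["actions"]),
        "resources": list(request["resources"]),
    }


if __name__ == "__main__":
    policy, expires = approve(SAMPLE_REQUEST, "2024-01-01T12:00:00Z")
    print(json.dumps(policy, indent=2))
    print(json.dumps(audit_event("grant", SAMPLE_REQUEST, "approver-1", "2024-01-01T12:00:00Z")))
    print("revoke at 13:30 ->", grants_to_revoke(
        [{"ticket_id": SAMPLE_REQUEST["ticket_id"], "expires_at": expires}], "2024-01-01T13:30:00Z"))
```

In a real deployment the approval step would attach the returned policy to the agent's role and the cleanup job (a scheduled Lambda, in the setup the text describes) would call `grants_to_revoke` and detach what is due; the `DateLessThan` condition is a second, independent line of defence in case that job is delayed.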
3. Break-glass procedure: Granting emergency access to critical systems

Break glass (which draws its name from breaking the glass to pull a fire alarm) refers to a quick means for a person who does not have access privileges to certain information to gain access when necessary