1. AWS Community
Secure from Day-0: Increase Your Security Posture with Temporary Elevated Access and AWS IAM Identity Center
Andrey Devyatkin
AWS Las Palmas User Group
2. AWS Community
Andrey Devyatkin
Cloud Engineering Specialist
Co-Founder at FivexL
Co-Host at DevSecOps Talks podcast
AWS Community Builder
AWS User Group Leader
Happy resident of Las Palmas
18. AWS Community
How does it usually happen?
- Developer Bob needs to get data from the Production Database
- Bob asked his team lead Kate for permissions
- Kate said that company policy doesn't allow access to the Production Database and that she has to ask the CTO
- The CTO was busy for a week and finally responded that it is okay to grant Bob the required permissions, and also to change the policy, etc.
- Kate asked the InfraSec team to implement the new security policy and grant Bob the required permissions
- Bob was finally able to get data from the database, which let him implement the new feature in the codebase
19. AWS Community
What problems do we see?
- Time. Depending on the company size, this process can take from days to weeks.
- Maintenance. As the company grows, there will be more and more complex systems with many groups and roles.
- Security. Our developer or developers will permanently keep the new permissions.
21. AWS Community
Temporary elevated access (also known as just-in-time access) is a way to request, approve, and track
the use of a permission to perform a specific task during a specified time. Temporary elevated access
supplements other forms of access control, such as permission sets and multi-factor authentication.
Temporary Elevated Access (diagram; labels: Request, Approve, Action)
More info:
https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated-access.html
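The definition above names four properties: a request, an approval, a specified time window, and a record of use. The following Python model is an added example written for this page; it is not code from the talk or from AWS, and the names in it (AccessDesk, request_access, approve, is_active, revoke, the principals "bob" and "kate", the account id and the permission-set name "ProdDBReadOnly") are constructed for illustration. The real AWS IAM Identity Center feature is operated through its console and APIs, not through this code. What the model adds to the prose is the enforcement that makes the scheme worth having: a requester cannot approve their own request, the grant is only valid inside the approved window, and every state change lands in an audit log.

```python
"""Toy model of a temporary elevated access (just-in-time access) workflow.

Added example; not the talk's or AWS's code. All names and sample values
(AccessDesk, request_access, approve, is_active, revoke, "bob", "kate",
account 111122223333, permission set "ProdDBReadOnly") are hypothetical.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional
import uuid


@dataclass
class AccessRequest:
    request_id: str
    requester: str
    account_id: str
    permission_set: str
    justification: str
    duration: timedelta
    status: str = "pending"          # pending -> approved -> revoked
    approver: Optional[str] = None
    start: Optional[datetime] = None  # set at approval time
    end: Optional[datetime] = None


class AccessDesk:
    """Request, approve, and track time-boxed use of a permission."""

    def __init__(self, max_duration: timedelta = timedelta(hours=8)):
        self.max_duration = max_duration
        self.requests: dict = {}
        self.audit_log: list = []     # every state change is appended here

    def _record(self, event: str, req: AccessRequest, actor: str, at: datetime) -> None:
        self.audit_log.append({"event": event, "request_id": req.request_id,
                               "actor": actor, "at": at.isoformat(),
                               "permission_set": req.permission_set,
                               "account_id": req.account_id})

    def request_access(self, requester, account_id, permission_set,
                       justification, duration, now):
        # A request must say why, and may not exceed the policy's maximum window.
        if not justification.strip():
            raise ValueError("a justification is required for every request")
        if duration <= timedelta(0) or duration > self.max_duration:
            raise ValueError(f"duration must be between 0 and {self.max_duration}")
        req = AccessRequest(str(uuid.uuid4()), requester, account_id,
                            permission_set, justification, duration)
        self.requests[req.request_id] = req
        self._record("requested", req, requester, now)
        return req.request_id

    def approve(self, request_id, approver, now):
        req = self.requests[request_id]
        if req.status != "pending":
            raise ValueError(f"request is {req.status}, not pending")
        if approver == req.requester:
            # Separation of duties: the requester never approves their own request.
            raise PermissionError("requester cannot approve their own request")
        req.status, req.approver = "approved", approver
        req.start, req.end = now, now + req.duration   # window starts at approval
        self._record("approved", req, approver, now)

    def is_active(self, request_id, now):
        """True only while the approved window is open; permanent access never exists."""
        req = self.requests[request_id]
        return req.status == "approved" and req.start <= now < req.end

    def revoke(self, request_id, actor, now):
        req = self.requests[request_id]
        req.status = "revoked"
        self._record("revoked", req, actor, now)


def walkthrough():
    """Replay the deck's Bob/Kate story with a time-boxed grant instead of a permanent one."""
    t0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    desk = AccessDesk()
    rid = desk.request_access("bob", "111122223333", "ProdDBReadOnly",
                              "Export report data for feature X",
                              timedelta(hours=2), t0)
    try:
        desk.approve(rid, "bob", t0)          # self-approval must be rejected
        self_approved = True
    except PermissionError:
        self_approved = False
    desk.approve(rid, "kate", t0 + timedelta(minutes=30))   # window: 09:30 to 11:30
    return {
        "self_approved": self_approved,
        "active_during_window": desk.is_active(rid, t0 + timedelta(hours=1)),
        "active_after_window": desk.is_active(rid, t0 + timedelta(hours=3)),
        "audit_events": [e["event"] for e in desk.audit_log],
    }


if __name__ == "__main__":
    print(walkthrough())
```

The clock is passed in explicitly so the expiry logic can be tested deterministically; in a real deployment the same checks would be evaluated against the identity provider's clock on every access decision, and the audit log would be shipped to a central store rather than kept in memory.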
25. AWS Community
AWS IAM Identity Center (AWS Single Sign-On)
More info: https://aws.amazon.com/iam/identity-center/
26. AWS Community
Validated AWS Security Partners for temporary elevated access
More info:
https://docs.aws.amazon.com/singlesignon/latest/userguide/temporary-elevated-access.html#validatedpartners