Emergency Access Account

0

Hi,

I have AWS environment which uses IAM Identity Centre. Users are created in Active Directory and synced across AWS and they can access AWS. I want to create emergency access account to access AWS if Active Directory goes down. I checked the link https://docs.aws.amazon.com/singlesignon/latest/userguide/emergency-access.html but this shows to create Emergency Account if IAM Identity Centre goes down. I want such accounts which can access even if Active Directory goes down. I am thinking to create IAM users with administrative access. What is the best way to create this emergency access account in case of Active Directory Failure?

2 Antworten
1
beantwortet vor 5 Monaten
0
Akzeptierte Antwort

Hi Manish

Break-Glass accounts are a key part of managing your AWS organisation.
I've found an IAM account the best way to protect against Azure AD issues.
As you say create a user and put in a group with the managed Admin policy applied is a simple way around this.

The only think I would point out is to make sure you store the credentials (password and MFA) in a location that doesn't also rely on Azure AD. maybe 3rd party password manager.
I've seen several people store in a security solution that requires AD permissions to get the break-glass credentials.

The following doc discusses your situation and could be a good place to start.
https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/break-glass-access.html

Hope this helps.

profile picture
beantwortet vor 5 Monaten
profile picture
EXPERTE
überprüft vor 2 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen