Emergency Access Account

0

Hi,

I have AWS environment which uses IAM Identity Centre. Users are created in Active Directory and synced across AWS and they can access AWS. I want to create emergency access account to access AWS if Active Directory goes down. I checked the link https://docs.aws.amazon.com/singlesignon/latest/userguide/emergency-access.html but this shows to create Emergency Account if IAM Identity Centre goes down. I want such accounts which can access even if Active Directory goes down. I am thinking to create IAM users with administrative access. What is the best way to create this emergency access account in case of Active Directory Failure?

2回答
1
回答済み 5ヶ月前
0
承認された回答

Hi Manish

Break-Glass accounts are a key part of managing your AWS organisation.
I've found an IAM account the best way to protect against Azure AD issues.
As you say create a user and put in a group with the managed Admin policy applied is a simple way around this.

The only think I would point out is to make sure you store the credentials (password and MFA) in a location that doesn't also rely on Azure AD. maybe 3rd party password manager.
I've seen several people store in a security solution that requires AD permissions to get the break-glass credentials.

The following doc discusses your situation and could be a good place to start.
https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/break-glass-access.html

Hope this helps.

profile picture
回答済み 5ヶ月前
profile picture
エキスパート
レビュー済み 2ヶ月前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ