Hello Manish, I think the below links might be able to help with your issues:

https://aws.amazon.com/blogs/modernizing-with-aws/automate-disaster-recovery-for-your-self-managed-active-directory-on-aws/

https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_best_practices.html

Please let me know if you need more help. Thanks
Hi Manish
Break-Glass accounts are a key part of managing your AWS organisation.
I've found an IAM account the best way to protect against Azure AD issues.
As you say, creating a user and putting it in a group with the managed Admin policy applied is a simple way around this.
The only thing I would point out is to make sure you store the credentials (password and MFA) in a location that doesn't also rely on Azure AD, maybe a 3rd-party password manager.
I've seen several people store them in a security solution that requires AD permissions to get the break-glass credentials.
The following doc discusses your situation and could be a good place to start.
https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/break-glass-access.html
Hope this helps.