To implement a Maker Checker concept on your AWS account, you can utilize AWS Identity and Access Management (IAM) policies and workflows. Here's a high-level overview of the steps involved:
- Set up IAM roles and policies: Create an IAM role for the Admin user and configure policies that grant the necessary permissions for EC2 instance management. Also, create an IAM role for the Root User (Owner) with permissions to approve or reject the Admin's requests.
- Create an approval workflow: Develop a custom workflow or utilize AWS Step Functions to define the approval process. This workflow should include steps for requesting, approving, and rejecting EC2 instance operations.
- Request EC2 instance creation or termination: When the Admin user wants to create or delete an EC2 instance, they initiate the request through a web interface, API, or CLI command.
- Send request for approval: Once the Admin user submits the request, a notification or message is sent to the Root User (Owner) indicating the pending request for approval. This notification can be sent via email, AWS Simple Notification Service (SNS), or any other preferred method.
- Review and approve/reject the request: The Root User (Owner) reviews the request and decides whether to approve or reject it. This can be done through a custom approval interface or by directly modifying the state of the workflow.
- Execute the request based on approval: If the request is approved, the workflow proceeds to launch or terminate the EC2 instance using the credentials of the Root User (Owner). If the request is rejected, the workflow terminates without taking any action.
- Send notifications and update status: Once the EC2 instance is launched or terminated, notifications can be sent to the Admin user and other stakeholders to inform them about the status of the request.
By implementing this Maker Checker concept, you introduce an additional layer of control and accountability in your EC2 instance management process. It ensures that requests for creating or terminating instances are subject to approval from the Root User (Owner) before they are executed.
Note: Implementing such a workflow may involve some custom development work using AWS services and APIs. You can also explore third-party solutions or AWS Marketplace offerings that provide similar approval workflows and governance features.
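The following is an added example, not code from the answer above or from AWS, that models the maker-checker flow the answer describes as a small local state machine: a maker (hypothetically named "admin") can only submit launch/terminate requests, a distinct checker ("owner") approves or rejects them, and only an approved request reaches the principal that actually calls EC2. It also emits the IAM policy document a maker role would carry, which allows starting the approval workflow while explicitly denying direct `ec2:RunInstances` and `ec2:TerminateInstances`. The state machine ARN is a placeholder, and the executor is a constructed stand-in for the real EC2 API call, so the example runs offline.

```python
"""Added example: local model of a maker-checker flow for EC2 launch/terminate.

Assumptions (not from the original answer): principal names "admin"/"owner",
the placeholder state machine ARN below, and a fake executor in place of the
EC2 API call.
"""
import uuid
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, Iterable, List, Optional

# Placeholder ARN; replace with the Step Functions state machine you deploy.
REQUEST_STATE_MACHINE_ARN = (
    "arn:aws:states:REGION:ACCOUNT_ID:stateMachine:Ec2ApprovalWorkflow"
)


class Action(str, Enum):
    LAUNCH = "ec2:RunInstances"
    TERMINATE = "ec2:TerminateInstances"


class State(str, Enum):
    PENDING = "PENDING"
    REJECTED = "REJECTED"
    EXECUTED = "EXECUTED"


@dataclass
class Request:
    request_id: str
    maker: str
    action: Action
    instance_id: Optional[str]
    state: State = State.PENDING
    checker: Optional[str] = None
    audit: List[str] = field(default_factory=list)  # append-only trail


class ApprovalWorkflow:
    """Tracks requests and enforces who may submit, decide and execute."""

    def __init__(self, makers: Iterable[str], checkers: Iterable[str],
                 executor: Callable[[Action, Optional[str]], str]):
        self.makers = set(makers)
        self.checkers = set(checkers)
        self.executor = executor  # the only path that touches EC2
        self.requests: Dict[str, Request] = {}

    def submit(self, maker: str, action: Action,
               instance_id: Optional[str] = None) -> Request:
        if maker not in self.makers:
            raise PermissionError(f"{maker} may not submit requests")
        if action is Action.TERMINATE and not instance_id:
            raise ValueError("termination requires an instance id")
        req = Request(str(uuid.uuid4()), maker, action, instance_id)
        req.audit.append(f"submitted by {maker}: {action.value}")
        self.requests[req.request_id] = req
        return req

    def decide(self, checker: str, request_id: str, approve: bool) -> Request:
        req = self.requests[request_id]
        if checker not in self.checkers:
            raise PermissionError(f"{checker} may not approve or reject")
        if checker == req.maker:
            # Separation of duties: a request cannot approve itself.
            raise PermissionError("maker and checker must be different principals")
        if req.state is not State.PENDING:
            raise ValueError(f"request already {req.state.value}")
        req.checker = checker
        if not approve:
            req.state = State.REJECTED
            req.audit.append(f"rejected by {checker}")
            return req
        result = self.executor(req.action, req.instance_id)
        req.state = State.EXECUTED
        req.audit.append(f"approved by {checker}; executor returned {result}")
        return req


def maker_policy() -> dict:
    """IAM policy for the maker role: may start the approval workflow, and is
    explicitly denied direct launch/terminate, so EC2 changes can only happen
    through an approved request (explicit Deny wins over any Allow)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "states:StartExecution",
             "Resource": REQUEST_STATE_MACHINE_ARN},
            {"Effect": "Deny", "Action": [a.value for a in Action],
             "Resource": "*"},
        ],
    }


if __name__ == "__main__":
    def fake_executor(action: Action, instance_id: Optional[str]) -> str:
        return "i-0123456789abcdef0" if action is Action.LAUNCH else instance_id

    wf = ApprovalWorkflow(["admin"], ["owner"], fake_executor)
    r = wf.submit("admin", Action.LAUNCH)
    print(wf.decide("owner", r.request_id, approve=True).audit)
```

In a real deployment the `executor` callback is the Step Functions task that runs under the execution role, and the `audit` list would be replaced by the state machine's execution history and CloudTrail; the checks that matter are the same: the maker's policy cannot reach EC2 directly, and the same principal can never be both maker and checker of one request.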