I'm diving into AWS Systems Manager Incident Manager and I'm trying to figure out the best way to automatically assign an elevated privilege role to responders during their on-call periods. Here's what I'm thinking: if Responder A is on-call this week, they should be granted an admin role, while Responder B, who will be on-call next week, should receive that role automatically as well. Ideally, once Responder B is on-call, Responder A should lose access to the admin role. I'm not sure if this functionality exists within Incident Manager, or if I'll need to implement a custom solution using EventBridge and Lambda. Any thoughts?
2 Answers
You might want to check out this link on IAM and Identity Center. It might have some relevant information that could help with your setup! https://aws-samples.github.io/iam-identity-center-team/
Using a Lambda function to adjust the policy for a special on-call admin role sounds like a solid approach. You can set it up to allow specific individuals to assume the role based on an EventBridge schedule. Sounds like the simplest solution for what you're trying to do!
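One way to implement the approach this answer describes, as an added example that is not code from the original posters or from AWS: a Lambda handler, invoked by an EventBridge schedule at each shift boundary, looks up who is currently on call in an Incident Manager rotation (ListRotationShifts in the ssm-contacts API) and rewrites the trust policy of a single on-call admin role so that only that responder can assume it. The role name, account ID, rotation ARN and the mapping from Incident Manager contact ARNs to IAM principal ARNs are assumptions supplied through environment variables; the test doubles and sample shifts are constructed. Two details the answer leaves implicit are handled here: the trust policy fails closed (it refuses to write a policy that would leave the previous responder's access in place when nobody is mapped), and an inline Deny policy keyed on aws:TokenIssueTime cuts off the previous responder's still-valid sessions, since changing the trust policy alone only blocks new AssumeRole calls.

```python
"""Rotate an on-call admin role's trust policy from an Incident Manager rotation.

Added example for this thread, not code from AWS or from the original posters.
Role name, account ID, rotation ARN and the contact-to-principal mapping are
assumptions supplied via environment variables.
"""
import json
import os
from datetime import datetime, timedelta, timezone

ROLE_NAME = os.environ.get("ONCALL_ROLE_NAME", "OnCallAdmin")  # assumed role name
ACCOUNT_ID = os.environ.get("ACCOUNT_ID", "123456789012")      # assumed account
ROTATION_ID = os.environ.get("ROTATION_ID", "")                 # assumed rotation ARN
# Assumed mapping: Incident Manager contact ARN -> IAM principal ARN of that responder.
CONTACT_TO_PRINCIPAL = json.loads(os.environ.get("CONTACT_TO_PRINCIPAL", "{}"))


def current_oncall_contacts(contacts, rotation_id, now):
    """Contact ARNs of the Incident Manager shift that covers `now`.

    `contacts` is a boto3 ssm-contacts client (or a test double with the same
    method). ListRotationShifts returns tz-aware datetimes, so `now` must be too.
    """
    resp = contacts.list_rotation_shifts(
        RotationId=rotation_id,
        StartTime=now - timedelta(minutes=1),
        EndTime=now + timedelta(minutes=1),
    )
    for shift in resp.get("RotationShifts", []):
        if shift["StartTime"] <= now < shift["EndTime"]:
            return list(shift.get("ContactIds", []))
    return []


def build_trust_policy(account_id, principal_arns, require_mfa=False):
    """Trust policy that lets only `principal_arns` assume the role.

    The Principal is the account root plus an aws:PrincipalArn condition rather
    than the responder ARNs themselves: if a listed principal is deleted and
    recreated, an ARN in the Principal element is rewritten to a stale unique ID
    and silently breaks, while the condition keeps matching by name.
    `require_mfa` is only meaningful for IAM users assuming the role directly;
    federated (Identity Center / SAML) sessions do not carry
    aws:MultiFactorAuthPresent and would be locked out.
    """
    if not principal_arns:
        # Fail closed: an Allow statement with no principals is invalid, and we
        # must not leave the previous responder's access in place by skipping.
        raise ValueError("no on-call principals mapped; refusing to write trust policy")
    conditions = {"ArnEquals": {"aws:PrincipalArn": sorted(principal_arns)}}
    if require_mfa:
        conditions["Bool"] = {"aws:MultiFactorAuthPresent": "true"}
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "OnCallOnly",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": conditions,
        }],
    }


def build_revoke_policy(cutoff):
    """Inline Deny policy invalidating any session issued before `cutoff`.

    A new trust policy only stops new AssumeRole calls; credentials the previous
    responder already holds stay valid until they expire. Denying on
    aws:TokenIssueTime is the same mechanism as the IAM console's
    "Revoke active sessions" action.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "RevokeOlderSessions",
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {"DateLessThan": {
                "aws:TokenIssueTime": cutoff.strftime("%Y-%m-%dT%H:%M:%SZ")}},
        }],
    }


def rotate(iam, contacts, now=None, mapping=None, role_name=ROLE_NAME,
           account_id=ACCOUNT_ID, rotation_id=ROTATION_ID):
    """Resolve who is on call and rewrite the role's trust and revoke policies."""
    now = now or datetime.now(timezone.utc)
    mapping = CONTACT_TO_PRINCIPAL if mapping is None else mapping
    contact_arns = current_oncall_contacts(contacts, rotation_id, now)
    principals = [mapping[c] for c in contact_arns if c in mapping]
    trust = build_trust_policy(account_id, principals)
    iam.update_assume_role_policy(RoleName=role_name, PolicyDocument=json.dumps(trust))
    iam.put_role_policy(RoleName=role_name, PolicyName="RevokeOlderSessions",
                        PolicyDocument=json.dumps(build_revoke_policy(now)))
    return principals


def handler(event, context):
    """Lambda entry point for the EventBridge schedule (runs at each shift change)."""
    import boto3  # imported here so the helpers above can be exercised offline
    return {"on_call": rotate(boto3.client("iam"), boto3.client("ssm-contacts"))}
```

Schedule the Lambda to fire a minute after each shift boundary (and optionally every hour as a self-healing pass), and give its execution role only `iam:UpdateAssumeRolePolicy` and `iam:PutRolePolicy` on the one on-call role plus `ssm-contacts:ListRotationShifts` on the rotation. Keep the on-call role's MaxSessionDuration short so the revoke policy rarely has to do real work.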
That definitely seems like the easiest way to implement this, especially with EventBridge! Good luck!
Thanks!
Thanks for sharing the link!