How Can We Streamline IAM Processes with Terraform and Okta?

Asked By TechieNerd87 On

We're looking to automate our AWS IAM processes, but right now, it's a manual ticketing system that really slows down our deployment. Our current workflow involves developers needing AWS access sending a message to IT, who then manually creates an IAM user or adds them to a group. This can take 2-3 days and there's no clear audit trail. We've automated our infrastructure and applications with Terraform, but IAM is still a manual process. We've tried using AWS IAM Identity Center, but it doesn't integrate well with our Okta setup. Additionally, our IT team isn't interested in Just-In-Time access tools, and we don't have the time to build custom automations. I'm looking for advice on how others manage IAM in their DevOps workflows, ideally something that can gain IT approval without causing deployment delays, and preferably compatible with git-based approvals and Terraform.

4 Answers

Answered By SystemAdminX On

Have you considered that Okta can serve as a hub between AWS and your users? Set up roles and groups in Okta, and use SAML Federation to establish the connection. Pre-Identity Center, this was quite simple using AWS's native IAM console. Let me know if you need more details on that process.
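A sketch of the SAML federation described in the answer above, written in Terraform so that role changes go through git review. It is an added example, not part of the original answer; the role name, the metadata file path and the attached policy are assumptions.

```hcl
# Added example: resource names, file path and policy choice are assumptions.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

variable "okta_metadata_path" {
  description = "IdP metadata XML exported from the Okta AWS app (assumed location)"
  type        = string
  default     = "okta-metadata.xml"
}

# Register Okta as a SAML identity provider in this AWS account.
resource "aws_iam_saml_provider" "okta" {
  name                   = "okta"
  saml_metadata_document = file(var.okta_metadata_path)
}

# Trust policy: only assertions issued by the Okta provider and addressed
# to the AWS sign-in endpoint may assume the role. No IAM users involved.
data "aws_iam_policy_document" "saml_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithSAML"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_saml_provider.okta.arn]
    }

    condition {
      test     = "StringEquals"
      variable = "SAML:aud"
      values   = ["https://signin.aws.amazon.com/saml"]
    }
  }
}

resource "aws_iam_role" "developer" {
  name                 = "okta-developer" # hypothetical role name
  assume_role_policy   = data.aws_iam_policy_document.saml_trust.json
  max_session_duration = 3600 # seconds; short sessions limit exposure
}

# Start from a limited managed policy and widen only through reviewed changes.
resource "aws_iam_role_policy_attachment" "developer_readonly" {
  role       = aws_iam_role.developer.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
```

Which Okta users or groups are offered this role is configured on the Okta side and is not shown here. The commit history of a file like this doubles as the audit trail for who approved each permission change.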

Answered By AccessMaster2022 On

It sounds like you've got to rethink your identity management approach. You should look into implementing an Identity Governance Admin (IGA) solution that'll automatically handle role assignments and provisioning from your IdP. This way, requests for access can be centralized without manual IT intervention.

Answered By CloudGuru99 On

It sounds like you're having some trouble with Okta not syncing well with IAM Identity Center. Have you tried using SCIM? It should allow you to sync users and groups from Okta to the Identity Center smoothly. Maybe there's a specific issue causing the integration hiccup.

DevOpsWizard -

Yeah, I agree! We've had smooth integration with Okta and IAM Identity Center recently. It might just be a setup issue on your end.

Answered By IAMWhiz On

I hear you about the manual process. Honestly, I've cut down on using IAM users as much as possible. Instead, I leverage Okta with SSO. Users typically have limited access via SAML, and IT can manage temporary high-access roles without much hassle. What exactly is the challenge with your Okta setup?

CloudJunkie21 -

Exactly, it sounds like you're stuck with a design issue. Integrating Okta with IAM Identity Center should be straightforward. You need a solid governance model for managing accesses, and Okta can facilitate that.
