I'm curious about the tools you all use for managing time-based temporary permissions across different platforms like AWS and GCP. Specifically, I'm looking to control access for things like AWS or GCP accounts, databases, and SSH access to restricted resources. Any suggestions or solutions that have worked well for you?
3 Answers
For AWS, I prefer using STS (Security Token Service) for setting session durations, which can streamline permission flows. I've also had great success with SSH certificates generated from a Vault cert signer, allowing temporary access as needed. Super effective!
I’ve been using a mix of EventBridge schedules with Lambda functions to manage permissions dynamically. It works well for granting targeted access to external users using IAM permissions with tag conditions. Definitely worth considering!
On GCP, leveraging PAM (Privileged Access Management) is a solid option. AWS doesn’t have this natively, so you'll usually need to look into third-party solutions. But PAM simplifies the whole process.
That's interesting! I'm using STS tokens too, but I'm unsure how to automate giving and revoking roles temporarily. Any tips for setting that up?
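One way to automate the grant-and-revoke loop the question above asks about, tying together the STS session durations from the first answer and the EventBridge-plus-Lambda approach with tag conditions from the second. This is an added example, not code from any reply in this thread: the grant document carries its own expiry as an IAM `DateLessThan` condition on `aws:CurrentTime` and is scoped with a resource-tag condition, the `AssumeRole` `DurationSeconds` is clamped to the grant, and a Lambda that an EventBridge one-time schedule invokes deletes the inline policy once the expiry has passed. `ROLE_ARN`, `ACCESS_TAG_KEY`, the action list and the `FakeIam` stand-in are all assumptions.

```python
"""Time-boxed AWS access: self-expiring policies plus a scheduled revoker.
Added example, not from any reply in this thread. ROLE_ARN, ACCESS_TAG_KEY and
FakeIam are placeholders/assumptions; the revoker expects an EventBridge one-time
schedule to invoke it with the payload grant_until() returns."""
import json
from datetime import datetime, timedelta, timezone

ROLE_ARN = "arn:aws:iam::123456789012:role/TempOperator"  # placeholder account and role
ROLE_NAME = ROLE_ARN.rsplit("/", 1)[1]
ACCESS_TAG_KEY = "AccessGrant"                             # placeholder tag key
STS_MIN_SECONDS, STS_MAX_SECONDS = 900, 3600  # STS floor; cap is the role's MaxSessionDuration
ISO = "%Y-%m-%dT%H:%M:%SZ"

def iso_utc(dt):
    return dt.astimezone(timezone.utc).strftime(ISO)

def parse_iso(text):
    return datetime.strptime(text, ISO).replace(tzinfo=timezone.utc)

def expiry_after(minutes, now=None):
    return (now or datetime.now(timezone.utc)) + timedelta(minutes=minutes)

def grant_policy(grant_id, expires_at, actions):
    """Policy that IAM itself stops honouring after expires_at and that only reaches
    resources tagged for this grant, so a missed revocation never leaves access open."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": list(actions),
            "Resource": "*",
            "Condition": {
                "DateLessThan": {"aws:CurrentTime": iso_utc(expires_at)},
                "StringEquals": {f"aws:ResourceTag/{ACCESS_TAG_KEY}": grant_id},
            },
        }],
    }

def duration_seconds(expires_at, now=None):
    """AssumeRole DurationSeconds: time left on the grant, clamped to the range STS accepts.
    A session outliving the grant is harmless: the DateLessThan condition still cuts it off."""
    remaining = int((expires_at - (now or datetime.now(timezone.utc))).total_seconds())
    if remaining <= 0:
        raise ValueError("grant already expired")
    return max(STS_MIN_SECONDS, min(remaining, STS_MAX_SECONDS))

def _client(service):
    import boto3  # imported lazily so the offline helpers and FakeIam need no boto3
    return boto3.client(service)

def assume_temporarily(grant_id, expires_at, actions, sts_client=None):
    """Short-lived credentials: AssumeRole with the grant passed as a session policy."""
    sts = sts_client or _client("sts")
    resp = sts.assume_role(RoleArn=ROLE_ARN, RoleSessionName=f"grant-{grant_id}",
                           DurationSeconds=duration_seconds(expires_at),
                           Policy=json.dumps(grant_policy(grant_id, expires_at, actions)))
    return resp["Credentials"]

def grant_until(grant_id, expires_at, actions, iam_client=None):
    """Longer-lived grant: attach the same document as an inline role policy and return
    the payload the EventBridge schedule hands to lambda_handler at expiry."""
    iam = iam_client or _client("iam")
    policy_name = f"grant-{grant_id}"
    iam.put_role_policy(RoleName=ROLE_NAME, PolicyName=policy_name,
                        PolicyDocument=json.dumps(grant_policy(grant_id, expires_at, actions)))
    return {"role_name": ROLE_NAME, "policy_name": policy_name, "expires_at": iso_utc(expires_at)}

def lambda_handler(event, context=None, iam_client=None, now=None):
    """Scheduled revoker: deletes the inline grant only once its expiry has passed, so an
    early or duplicate invocation is a no-op rather than a premature revocation."""
    now = now or datetime.now(timezone.utc)
    if now < parse_iso(event["expires_at"]):
        return {"revoked": False, "reason": "not yet expired"}
    iam = iam_client or _client("iam")
    try:
        iam.delete_role_policy(RoleName=event["role_name"], PolicyName=event["policy_name"])
    except Exception as exc:  # matched by name so botocore need not be imported here
        if type(exc).__name__ != "NoSuchEntityException":
            raise
        return {"revoked": False, "reason": "already gone"}
    return {"revoked": True}

class NoSuchEntityException(Exception):
    """Same name as boto3's iam.exceptions.NoSuchEntityException."""

class FakeIam:
    """Stand-in for the boto3 IAM client so the grant/revoke flow can run offline."""
    def __init__(self):
        self.policies = {}
    def put_role_policy(self, RoleName, PolicyName, PolicyDocument):
        self.policies[(RoleName, PolicyName)] = PolicyDocument
    def delete_role_policy(self, RoleName, PolicyName):
        if (RoleName, PolicyName) not in self.policies:
            raise NoSuchEntityException()
        del self.policies[(RoleName, PolicyName)]

if __name__ == "__main__":
    iam, now = FakeIam(), parse_iso("2025-01-01T12:00:00Z")
    payload = grant_until("g1", expiry_after(30, now), ["ec2:StartInstances"], iam_client=iam)
    print(lambda_handler(payload, iam_client=iam, now=now))                    # not yet expired
    print(lambda_handler(payload, iam_client=iam, now=expiry_after(30, now)))  # revoked
```

The design choice worth noting is that the scheduled Lambda is cleanup, not the control: because the policy document itself stops being honoured at `expires_at`, a Lambda that never fires, fires late, or fires twice cannot extend access. Naming the STS session `grant-<id>` also makes the CloudTrail `AssumeRole` record for each session attributable to a specific grant, which is what an auditor or an IR analyst will want when reconstructing who had what and when.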