aws-break-glass-role

Create a break glass role for emergency use in AWS to limit access and configure alerts and logging for secure usage.

AWS | Open Source | Self Hosted Only
Category: Identity & Access Management
GitHub Stars: 175
Last Commit: 1 year ago
This page updated 6 days ago
Pricing Details: Open-source and free to use, leveraging existing AWS services which may incur costs based on usage.
Target Audience: AWS administrators and security teams managing access control in cloud environments.

The aws-break-glass-role tool is designed to create and manage a 'break glass' role in AWS environments, which is a role used in emergency situations to grant temporary access to resources that are otherwise restricted. It automates the creation and configuration of a break glass role, including setting up login alerts and logging of activities performed under this role. The tool uses AWS Cloud Development Kit (CDK) constructs to manage the role and its associated policies and permissions. It integrates with AWS services such as AWS IAM, Amazon EventBridge, and Amazon SNS to trigger notifications when the break glass role is assumed or when actions are performed under this role. The tool supports the principle of least privilege by allowing the specification of precise permissions and conditions for role assumption. It is open-source and free to use, requiring an AWS account, Node.js, and the AWS CDK CLI for deployment.
