Segregation of Duties

Turbot’s simple and consistent model for Identity & Access Management helps organizations maintain a clear segregation of duties for appropriate actions and controls.

Please see Turbot Concepts for an overview of Turbot's Authentication, Access and Permissions model.

Operations as Root (unnamed users)

Turbot configures all resources to require access as a named user and maintains audit trail logs of activities. However, emergency situations exist where root access is required.

All access to AWS root accounts requires two separate users to act in cooperation, splitting the password from the MFA one time password to gain access. Similarly, recovery of account credentials in an emergency requires separate users with access to the email address and the security challenge questions.

Organization-wide Access to Resources

Central support teams, including operations, security and management, require access to resources across all applications. Turbot defines organization-wide roles at the Cluster level, with separate permissions available for each level of required access. For example:

  • Anne can be granted S3/Metadata access in the Cluster, allowing her to see the structure but not read or modify object data.

  • Bob can be granted EC2/Admin access in the Cluster, allowing him to see and modify any EC2 server in any account. Read access is available on demand and logged, but access to make changes is granted temporarily with an open ticket visible to the Account team hosting the servers.

  • Claire can be granted Turbot/Owner access in the Cluster, allowing her to manage Turbot permissions and ownership across accounts. Claire has responsibility for managing organization-wide permissions granted by the Cluster.

Account level Access to Resources

Application teams manage their own resources through self-service, with permissions granted only within their own account. Duties can be separated either by service (e.g. S3 vs EC2 servers) or by the level of access granted (e.g. S3/Metadata vs Redshift/Admin).

Common Examples of Segregation of Duties

Network management is performed in Turbot at the Cluster level, segregated from server provisioning which is self-service at the Account level.

Database management with RDS is granted through RDS permissions and is separate from server management in EC2, which is granted through EC2 permissions.

Development accounts can readily collapse roles: granting a developer AWS/Admin, for example, gives them both server and database management rights.
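The following Python model is an added example, not Turbot code and not Turbot's own policy language. It encodes the rules described in the Cluster-level and Account-level sections above as a small decision function, so the segregation behaviour can be tested: Cluster-scoped grants allow logged reads but require an open ticket for changes, Account-scoped grants are self-service, service grants (EC2 vs RDS) do not bleed into each other, and a development account with AWS/Admin collapses both. The scope name "cluster", the ReadOnly tier between Metadata and Admin, and the mapping of individual actions to levels are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Ordering of access levels. Only Metadata and Admin appear in the article;
# the ReadOnly tier between them is an assumption made for this example.
LEVELS = {"Metadata": 1, "ReadOnly": 2, "Admin": 3}

# Constructed action catalogue: (service, action) -> minimum level required.
# Action names mirror AWS API names; the level mapping is an assumption.
ACTIONS = {
    ("S3", "ListBucket"): "Metadata",
    ("S3", "GetObject"): "ReadOnly",
    ("S3", "PutObject"): "Admin",
    ("EC2", "DescribeInstances"): "ReadOnly",
    ("EC2", "TerminateInstances"): "Admin",
    ("RDS", "DescribeDBInstances"): "ReadOnly",
    ("RDS", "ModifyDBInstance"): "Admin",
}

CLUSTER = "cluster"  # scope name for organization-wide grants (assumption)


@dataclass(frozen=True)
class Grant:
    principal: str
    scope: str    # CLUSTER or an account id such as "prod-1"
    service: str  # "S3", "EC2", "RDS", or "AWS" meaning every service
    level: str    # a key of LEVELS


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    logged: bool = False


def _covers(grant: Grant, account: str, service: str, required: str) -> bool:
    """True if a grant applies to this account and service at the required level."""
    in_scope = grant.scope in (CLUSTER, account)
    on_service = grant.service in ("AWS", service)
    return in_scope and on_service and LEVELS[grant.level] >= LEVELS[required]


def evaluate(grants: Iterable[Grant], principal: str, account: str,
             service: str, action: str, ticket: Optional[str] = None) -> Decision:
    """Decide one request under the Cluster-vs-Account segregation rules."""
    required = ACTIONS.get((service, action))
    if required is None:
        return Decision(False, f"unknown action {service}:{action}")
    is_change = required == "Admin"  # Admin-level actions modify resources

    matching = [g for g in grants
                if g.principal == principal and _covers(g, account, service, required)]
    if not matching:
        return Decision(False, f"no {service}/{required} grant for {principal} in {account}")

    # An Account-level grant is self-service: no ticket, no extra logging rule.
    if any(g.scope == account for g in matching):
        return Decision(True, "account-level self-service grant")

    # Only Cluster-level grants remain: reads are logged, changes need a ticket
    # visible to the account team hosting the resource.
    if not is_change:
        return Decision(True, "cluster-level read, logged", logged=True)
    if ticket:
        return Decision(True, f"cluster-level change under ticket {ticket}", logged=True)
    return Decision(False, "cluster-level change requires an open ticket")


# Constructed sample grants mirroring the article's Anne, Bob, an RDS-only
# account admin, and a developer with collapsed roles in a dev account.
SAMPLE_GRANTS = [
    Grant("anne", CLUSTER, "S3", "Metadata"),
    Grant("bob", CLUSTER, "EC2", "Admin"),
    Grant("erin", "prod-1", "RDS", "Admin"),
    Grant("dave", "dev-1", "AWS", "Admin"),
]

if __name__ == "__main__":
    requests = [
        ("anne", "prod-1", "S3", "ListBucket", None),
        ("anne", "prod-1", "S3", "GetObject", None),
        ("bob", "prod-1", "EC2", "TerminateInstances", None),
        ("bob", "prod-1", "EC2", "TerminateInstances", "CHG-1234"),
        ("bob", "prod-1", "RDS", "ModifyDBInstance", None),
        ("dave", "dev-1", "RDS", "ModifyDBInstance", None),
        ("dave", "prod-1", "RDS", "ModifyDBInstance", None),
    ]
    for who, acct, svc, act, tkt in requests:
        print(who, acct, f"{svc}:{act}", evaluate(SAMPLE_GRANTS, who, acct, svc, act, tkt))
```

The evaluator prefers an Account-level grant when one exists, because self-service access within the account is the normal path; the ticket requirement only applies when the request is satisfied solely by an organization-wide grant, which is the case the article describes for Bob.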
