Least Privilege

Turbot is configured for Least Privilege by default in all areas.

Please see Turbot Concepts for an overview of Turbot's Authentication, Access and Permissions model.

No permissions by default

Users must be explicitly granted permission to access the Cluster or an Account. No access is granted without this permission.

The Turbot API defines the exact permissions required to access each operation in Turbot.

Consistent Levels of Responsibility

Turbot defines levels of responsibility which are made available for each service. For example: User, Metadata, ReadOnly, Operator, Admin, SuperUser, Owner.

Owners grant Levels of access to Users, and can easily maintain least privilege using these defined roles. For example, the AWS/Metadata Role only allows access to view information about Resources or Objects and does not grant any access to actually read the data. So, support staff can see firewall rules, S3 object lists, servers, databases, but cannot actually access any information they contain.

Organization-wide Access

Central support teams require access to all Resources and Accounts in the Cluster, which is granted through Roles like EC2/Admin, DB/Admin, S3/Operator and the like.

Users have no permissions in the Cluster until granted by a Cluster Owner.

Users with Cluster roles have immediate access to inspect Metadata about Resources (e.g. what S3 buckets exist? what firewalls are in place?) in accordance with their area of responsibility. Access to make changes to Resources, however, is only available on a temporary basis after a ticket has been created.

Account Access

Application teams require access to the Resources in their Account. Users must be explicitly added to an Account by the Account Owner, with clearly defined roles. This daily work, specified at a granular Application level, is allowed on an ongoing basis.

Users have access to the resources they need, and no more.
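The model described above (deny by default, ordered levels of responsibility per service, Cluster roles that see Metadata immediately but can only change Resources inside a ticket window, Account roles granted by the Account Owner) can be made concrete with a small authorization check. The following is an added illustration, not Turbot's code or API: the level ordering, the mapping of operations to minimum levels, the "cluster" / "account:<id>" scope strings and the sample users are all assumptions chosen for this example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Levels of responsibility named on the page, ordered low -> high.
# The ordering is an assumption for this illustration, not Turbot's definition.
LEVELS = ["User", "Metadata", "ReadOnly", "Operator", "Admin", "SuperUser", "Owner"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Minimum level per operation class (assumed mapping):
#   describe -> see that a Resource exists (metadata only)
#   read     -> read the data a Resource contains
#   write    -> change the Resource
MIN_LEVEL = {"describe": "Metadata", "read": "ReadOnly", "write": "Operator"}


@dataclass
class Grant:
    role: str                          # "<service>/<level>", e.g. "S3/Operator"
    scope: str                         # "cluster" or "account:<account id>"
    ticket: Optional[str] = None       # cluster-wide change access is tied to a ticket
    expires: Optional[datetime] = None # ...and to a time window


@dataclass
class User:
    name: str
    grants: list = field(default_factory=list)  # empty by default: no permissions


def parse_role(role: str):
    service, level = role.split("/", 1)
    if level not in RANK:
        raise ValueError(f"unknown level {level!r}")
    return service, level


def authorize(user: User, service: str, operation: str, account: str, now: datetime):
    """Default deny. Returns (allowed, reason)."""
    needed = RANK[MIN_LEVEL[operation]]
    for g in user.grants:
        g_service, g_level = parse_role(g.role)
        if g_service != service or RANK[g_level] < needed:
            continue  # wrong service, or level too low for this operation
        if g.scope == f"account:{account}":
            return True, f"account grant {g.role}"  # ongoing daily work in own Account
        if g.scope == "cluster":
            if operation != "write":
                return True, f"cluster grant {g.role}"  # metadata/read available immediately
            # Changing Resources cluster-wide requires an open ticket window.
            if g.ticket and g.expires and now < g.expires:
                return True, f"cluster grant {g.role} via ticket {g.ticket}"
    return False, "no matching grant"


# Fixed clock and constructed sample users (not real data).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


def sample_users():
    support = User("support", [Grant("S3/Metadata", "cluster")])
    ops = User("ops", [Grant("S3/Operator", "cluster",
                             ticket="TICKET-PLACEHOLDER",
                             expires=NOW + timedelta(hours=1))])
    dev = User("dev", [Grant("S3/Operator", "account:acct-a")])
    nobody = User("nobody")
    return support, ops, dev, nobody


def demo(now: datetime = NOW):
    """Evaluate representative requests; returns {case: allowed}."""
    support, ops, dev, nobody = sample_users()
    later = now + timedelta(hours=2)  # after the ticket window has closed
    return {
        "support_describe": authorize(support, "S3", "describe", "acct-a", now)[0],
        "support_read": authorize(support, "S3", "read", "acct-a", now)[0],
        "ops_write_in_window": authorize(ops, "S3", "write", "acct-a", now)[0],
        "ops_write_expired": authorize(ops, "S3", "write", "acct-a", later)[0],
        "ops_describe_expired": authorize(ops, "S3", "describe", "acct-a", later)[0],
        "dev_write_own_account": authorize(dev, "S3", "write", "acct-a", now)[0],
        "dev_write_other_account": authorize(dev, "S3", "write", "acct-b", now)[0],
        "nobody_describe": authorize(nobody, "S3", "describe", "acct-a", now)[0],
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:26} {'ALLOW' if allowed else 'DENY'}")
```

Run it and the support user can list what exists but not read contents, the ops user can change Resources only while the ticket window is open (metadata access persists after it closes), the application developer can change Resources only in the Account they were added to, and a user with no grants gets nothing.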
