Benchmark: BP03 Establish emergency access process
Description
Establish a process that allows emergency access to your workload in the unlikely event of an automated process or pipeline issue. This helps you rely on least privilege access while ensuring users can obtain the right level of access when they require it. For example, establish a process for administrators to verify and approve a user's request, such as an emergency AWS cross-account role for access, or a specific process for administrators to follow to validate and approve an emergency request.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select BP03 Establish emergency access process.
Run this benchmark in your terminal:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec03_bp03
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_well_architected.benchmark.well_architected_framework_sec03_bp03 --share
Controls
- IAM groups should have at least one user
- Ensure managed IAM policies should not allow blocked actions on KMS keys