Hi, I am Sagar Gulabani, founder of Classicops(https://www.classicops.com/). Classicops provisions time based access to your production AWS Accounts, all with an approval flow.
I have worked as a devops engineer in the past 3 years and I have seen people facing troubles getting access to other people’s AWS Accounts, especially when they are production accounts. People don’t trust others easily with access to their production accounts which hinders productivity for genuine usecases. With some of our non technical folks running AWS Accounts, figuring out the nuances of IAM policies becomes a pain. What ends up happening is people give access that is too permissive which is perpetual in nature or its restrictive, which is fine but still perpetual. There is back and forth over communication tools like slack and JIRA to get the permissions right for the use case. And then when a second use case props up, this entire process repeats itself till we reach a point where the user has accumulated a lot of permissions. The permissions last as long as the person works with the AWS account owner. It would be quite cool to have the ability to let the requester provide for the IAM permissions he requires, approve it and automatically provision access for the users for a restricted time period, all through a single packaged platform.
I looked around for tools that would be solving this problem, but I really couldn't find one. I also saw people looking for chatops solution online to solve this problem. Classicops goes a step ahead and is a full fledged platform wherein users who want access to the AWS Account could request for permissions by either using a managed IAM Policy or providing a custom IAM policy for a given time period. Once the access is approved, the person would be allowed access to AWS using the console or using CLI credentials. Once the time period is over the access would be revoked automatically. The ability to do this reduces bottlenecks in productivity and helps AWS Account owners work with more people with a lesser risk of damage. This also could be extended to staging and dev accounts. Classicops has been built with a structure of teams and organisations in mind with appropriate roles for different people.
We do understand that there would be concerns around giving IAM access to external softwares so we do plan for certifications and also provide options for a self hosted offering.
We have launched the beta for which you could sign up at https://beta.classicops.com and try it out. The product is free while it is in beta. We’d love to hear your feedback on the product. Its incredibly important for us. Thanks for reading through our launch post.
No comments yet.