We recently introduced IAM elevation capability from within the Dome9 web console. As a Dome9 customer:

1. Any member of a group of security admins would be able to authorize permission elevation to a user

2. A security admin would control all IAM users, including non Dome9 users

Key Capabilities

– Define for D9 user list of protected users (IAM entities)

     – Dome9 users screen: the admin define the list of users/roles that D9-user can elevate

– Support elevation from the D9 web console

     – IAM users: Support protecting multiple IAM users

– Terminate all elevation button

Only a small group of security admins need to be Dome9 users, controlling a larger amount of Amazon accounts and IAM users, and elevating their permission only when needed. With IAM safety ad-hoc permission elevation the attack surface is reduced. 

Stay tuned for further updates!