We recently introduced IAM elevation capability from within the Dome9 web console. As a Dome9 customer:
1. Any member of a group of security admins would be able to authorize permission elevation to a user
2. A security admin would control all IAM users, including non Dome9 users
– Define for D9 user list of protected users (IAM entities)
– Dome9 users screen: the admin define the list of users/roles that D9-user can elevate
– Support elevation from the D9 web console
– IAM users: Support protecting multiple IAM users
– Terminate all elevation button
Only a small group of security admins need to be Dome9 users, controlling a larger amount of Amazon accounts and IAM users, and elevating their permission only when needed. With IAM safety ad-hoc permission elevation the attack surface is reduced.
Stay tuned for further updates!