Create AWS IAM user expiration policy #88

Open
4 tasks
ale210 opened this issue Sep 19, 2024 · 1 comment

Comments

@ale210
Member

ale210 commented Sep 19, 2024

Overview

We need a policy for how to manage old IAM accounts, so that we reduce hacking risk.

Action Items

  • Write up criteria for deactivating stale accounts
  • Add instructions for achieving it
  • Discuss with team
  • Implement

Decisions to be made

  • How long
  • What happens (automatically deleted or notification, combination)
  • Suggestion: accounts with no login past 180 days should be somethinged (Alex)

@github-project-automation github-project-automation bot moved this to New Issue Review in CoP: DevOps: Project Board Sep 26, 2024
@ExperimentsInHonesty ExperimentsInHonesty changed the title Create AWS IAM user policy Create AWS IAM user expiration policy Nov 14, 2024
@ExperimentsInHonesty ExperimentsInHonesty added this to the 02 - Security milestone Nov 14, 2024
@ale210 ale210 moved this from New Issue Review to Prioritized Backlog in CoP: DevOps: Project Board Jan 23, 2025
@brittanyms brittanyms self-assigned this Jan 23, 2025
@brittanyms brittanyms moved this from Prioritized Backlog to In progress (actively working) in CoP: DevOps: Project Board Jan 23, 2025
@brittanyms
Member

Hi All,

Here are my notes and discussion thoughts regarding this issue.

Criteria:

  1. Inactivity Threshold
     • What time period do we want to use to classify an account as inactive? (120 days ~ 6 months)
     • What about if there are h4la members that step away for a while then come back?
  2. Project Accounts
     • Are IAM accounts currently assigned on a project level as well?
     • If so, projects that are no longer active should be deactivated
