Documentation
These are a collection of technical documents recording some of the more low-level aspects of our identity implementation.
Access Control Overview
How we manage access to AWS resources
Access Control Architecture
Explanation of dynamic Terraform roles and access control
Access Control Evolution
Understand how our access model has evolved
Restricting Admin Access
The Cloud Posse Reference Architecture provides standard workflows (described elsewhere) for managing resources in a multi-account AWS organization via Terraform. Those workflows cannot apply to certain very sensitive operations due to technical limitations, and by design should require some kind of elevated privilege to perform in sensitive accounts. This document describes options for how to restrict access and perform those operations. In particular, it describes the differing options and configurations available with different versions of the Cloud Posse Reference Architecture.
Dynamic Terraform Roles
Learn how Terraform automatically discovers roles