
A company employs SAML federation for user access to AWS accounts. Their workload, hosted in a separate AWS account, operates on immutable infrastructure without direct human access to Amazon EC2 instances. In the event of SAML errors, a designated 'break glass' user is required to access the workload account and instances. An audit revealed the absence of such a user in the workload account. The company needs to establish this user and ensure all their activities are logged and reported to the security team. Which two solutions would effectively meet these requirements?
A. Create a local individual break glass IAM user for the security team. Create a trail in AWS CloudTrail that has Amazon CloudWatch Logs turned on. Use Amazon EventBridge to monitor local user activities.
B. Create a break glass EC2 key pair for the AWS account. Provide the key pair to the security team. Use AWS CloudTrail to monitor key pair activity. Send notifications to the security team by using Amazon Simple Notification Service (Amazon SNS).
C. Create a break glass IAM role for the account. Allow security team members to perform the AssumeRoleWithSAML operation. Create an AWS CloudTrail trail that has Amazon CloudWatch Logs turned on. Use Amazon EventBridge to monitor security team activities.
D. Create a local individual break glass IAM user on the operating system level of each workload instance. Configure unrestricted security groups on the instances to grant access to the break glass IAM users.
E. Configure AWS Systems Manager Session Manager for Amazon EC2. Configure an AWS CloudTrail filter based on Session Manager. Send the results to an Amazon Simple Notification Service (Amazon SNS) topic.
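Several of the options above rely on the same building block: CloudTrail records delivered to EventBridge, filtered so that every action taken by the designated break glass identity reaches the security team. The example below is added here and is not part of the question page or of any AWS-provided code. It shows an EventBridge-style event pattern keyed on the CloudTrail `userIdentity` fields and a small local matcher that applies it to constructed sample events, so you can see which records a rule with this pattern would forward to an SNS topic. The user name `break-glass-ops`, the account ID 111122223333 and the sample events are all constructed for illustration; the matcher implements only exact-value matching, a subset of the full EventBridge pattern language.

```python
"""Flag CloudTrail events generated by a designated break glass IAM user.

Added illustration, not code from the original page. The pattern below has the
same shape as an EventBridge rule pattern for CloudTrail API-call events; the
matcher reproduces only the exact-value-list subset of EventBridge matching.
"""
from typing import Any

# Constructed name of the break glass user; substitute your own.
BREAK_GLASS_USER = "break-glass-ops"

# EventBridge pattern: every key must be present in the event and its value must
# be one of the listed literals; nested objects are matched recursively.
BREAK_GLASS_PATTERN: dict[str, Any] = {
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "userIdentity": {
            "type": ["IAMUser"],
            "userName": [BREAK_GLASS_USER],
        }
    },
}


def matches(pattern: dict[str, Any], event: dict[str, Any]) -> bool:
    """Return True when the event satisfies every key of the pattern."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:  # list of allowed literal values
            return False
    return True


def find_break_glass_events(
    events: list[dict[str, Any]], pattern: dict[str, Any] = BREAK_GLASS_PATTERN
) -> list[dict[str, Any]]:
    """Select the events an EventBridge rule with this pattern would forward."""
    return [event for event in events if matches(pattern, event)]


def alert_message(event: dict[str, Any]) -> str:
    """Build the plain-text body a notification target (for example SNS) would carry."""
    detail = event["detail"]
    who = detail["userIdentity"].get("userName", "<unknown>")
    return (
        f"BREAK GLASS ACTIVITY: {who} called {detail['eventSource']}:"
        f"{detail['eventName']} in {event['account']}/{event['region']} "
        f"from {detail['sourceIPAddress']} at {detail['eventTime']}"
    )


def _api_call(source: str, user_identity: dict[str, Any], event_source: str,
              event_name: str, when: str) -> dict[str, Any]:
    """Helper that builds a constructed CloudTrail-via-EventBridge event."""
    return {
        "version": "0",
        "detail-type": "AWS API Call via CloudTrail",
        "source": source,
        "account": "111122223333",   # documentation placeholder account ID
        "region": "us-east-1",
        "detail": {
            "eventVersion": "1.08",
            "userIdentity": user_identity,
            "eventTime": when,
            "eventSource": event_source,
            "eventName": event_name,
            "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.10",  # TEST-NET-3 address
        },
    }


# Constructed sample stream: two break glass actions and one normal federated call.
SAMPLE_EVENTS: list[dict[str, Any]] = [
    _api_call("aws.ssm",
              {"type": "IAMUser", "userName": BREAK_GLASS_USER,
               "arn": f"arn:aws:iam::111122223333:user/{BREAK_GLASS_USER}"},
              "ssm.amazonaws.com", "StartSession", "2024-01-01T00:00:00Z"),
    _api_call("aws.ec2",
              {"type": "AssumedRole",
               "arn": "arn:aws:sts::111122223333:assumed-role/SamlOps/alice"},
              "ec2.amazonaws.com", "DescribeInstances", "2024-01-01T00:01:00Z"),
    _api_call("aws.ec2",
              {"type": "IAMUser", "userName": BREAK_GLASS_USER,
               "arn": f"arn:aws:iam::111122223333:user/{BREAK_GLASS_USER}"},
              "ec2.amazonaws.com", "StartInstances", "2024-01-01T00:02:00Z"),
]


if __name__ == "__main__":
    for flagged in find_break_glass_events(SAMPLE_EVENTS):
        print(alert_message(flagged))
```

The `AssumedRole` event from the SAML-federated operator is not matched because `userIdentity.type` is outside the pattern's allowed values, while both calls by the break glass IAM user are selected; in a real deployment the selected events are the ones the rule would hand to an SNS topic or other target for the security team.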