
Least privilege for AWS Linux instances

RMJ
New Contributor III

Hi Team,

We have a requirement where we need to implement least privilege model for AWS unix instances.

Currently, we tried to achieve this via the provisioning cmd using an entitlement conditional, but that approach will not work when we are doing automatic onboarding, as we would have to update the provisioning cmd specifically for each instance endpoint connection based on its entitlement; plus we would end up creating a separate entitlement for least privilege, other than the visibility control entitlements.

Note: we tried the above method as there is no IAM role-based model available in AWS.

Have you come across such a use case with any other clients? Any suggestions on automating the above method?

As a workaround or alternate solution, we are planning to create a user group based on an AWS tag when bootstrapping the instances and assign the user to that group in the provisioning cmd based on the common entitlement. Let us know the options available to implement this solution.


Thanks,

Ruban


1 REPLY

NageshK
Saviynt Employee

@RMJ As discussed in the SME call today, the Bootstrap process will not be able to create the groups automatically. And for the provisioning command to be the same across all connections, please use the Endpoint customproperties (CP30 and above) to hold the entitlements that provide visibility and/or drive provisioning.

Thanks,

Nagesh K
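The reply's approach, one provisioning command shared by every Linux endpoint, with the group list supplied per endpoint from a custom property such as CP30, can be sketched as an added example. This is not Saviynt's code or the poster's: a POSIX shell script that receives the user name and a comma-separated group list as arguments, accepts only well-formed names (so a value coming from an external system cannot be interpolated into the command as anything but a name), silently drops groups the instance image does not have, and grants no supplementary groups unless one is listed. Passing the CP30 value as `$2` and the `APPLY` variable are assumptions; the page does not show how Saviynt binds custom properties into the command.

```shell
#!/bin/sh
# Added example (not from the thread). One provisioning script for all endpoints:
#   provision <user> <comma-separated groups from the endpoint CP>
# Prints the useradd command by default; set APPLY=1 to run it as root.

# Accept only POSIX-style names: letters, digits, '.', '_', '-', not starting with '-'.
# Anything else (spaces, ';', '$', ...) is rejected before it reaches a command.
valid_name() {
    case "$1" in
        ''|-*|*[!a-zA-Z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# A group counts as present if the system databases know it.
group_exists() {
    getent group "$1" >/dev/null 2>&1 || grep -q "^$1:" /etc/group 2>/dev/null
}

# Reduce the requested list to groups that are valid names AND exist on this host.
# Missing or malformed entries are reported on stderr and skipped, so onboarding
# continues with fewer privileges rather than failing open or aborting.
resolve_groups() {
    _csv=$1
    _out=''
    _old_ifs=$IFS
    IFS=','
    for _g in $_csv; do
        _g=$(printf '%s' "$_g" | tr -d '[:space:]')   # tolerate "a, b" spacing
        if ! valid_name "$_g"; then
            echo "skip invalid group name: $_g" >&2
            continue
        fi
        if group_exists "$_g"; then
            _out="${_out:+$_out,}$_g"
        else
            echo "skip missing group: $_g" >&2
        fi
    done
    IFS=$_old_ifs
    printf '%s\n' "$_out"
}

# Build the useradd argument vector; no -G at all when nothing resolved, which is
# the least-privilege default. Dry run prints the command, APPLY=1 executes it.
provision() {
    _user=$1
    _groups=$(resolve_groups "$2")
    if ! valid_name "$_user"; then
        echo "invalid user name: $_user" >&2
        return 1
    fi
    set -- useradd -m -s /bin/bash
    if [ -n "$_groups" ]; then
        set -- "$@" -G "$_groups"
    fi
    set -- "$@" "$_user"
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Usage (dry run): provision alice "wheel,docker"
```

In a dry run the script only prints the command it would execute, so the group list coming from the endpoint property can be reviewed per instance before `APPLY=1` is set in the real provisioning command.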