Development of a reliable identity management solution for accessing cloud resources inside AWS and establishment of governance over all identity management aspects.
ABOUT THE COMPANY
The company is an internationally active insurance group with almost 30,000 employees worldwide and more than 10,000 full-time agents. With insurance premiums in the tens of billions, the company is one of the largest primary insurers in Germany and Europe.
The customer has an environment with over 130 AWS accounts and 60 productive applications, where a reliable central IAM solution was needed to report on the compliance of all user accounts and to give all application developers a reliable way of accessing AWS resources that complies with the customer's security guidelines. The solution should scale with the size of the platform and be able to onboard new projects within minutes rather than days or weeks. The platform was designed to scale and to take on even more corporate applications with different operating models.
OUR PROPOSED SOLUTION
We developed a multi-purpose and multi-project account structure that separates projects from each other on an AWS account level. Each project was given two AWS accounts (development/integration and production) for their workloads. For authentication against AWS accounts we used AWS IAM to fulfill all customer needs regarding compliance (MFA/IP restriction/Rotation of Keys/Service User Governance and others), scalability and security.
For this we automated account setup in the following way:
With this solution we could onboard new users very quickly and without compromises in terms of speed/agility and security. Users can access their project resources in an agile but governed way by a central logic that notifies in case of a misconfiguration or incident.
Additionally, we implemented several compliance checks against AWS IAM that were reported to a central ElasticSearch for further handling of a central cloud operations team:
Incidents/findings are reported to a central cloud operations team (within a cloud competence center), which handles the incidents and routes them to the affected user.
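As an added illustration of what such a check can look like (example code, not the project's own), the function below evaluates a constructed subset of an IAM credential report against an assumed 90-day key rotation and 30-day inactivity policy and emits one JSON finding per violation, in the shape one would index into Elasticsearch. In a live account the report CSV is the `Content` returned by `iam.get_credential_report()`; the thresholds and column subset are assumptions.

```python
import csv
import io
import json
from datetime import datetime, timezone

# Constructed sample using a subset of the real IAM credential report columns.
# In production the CSV comes from boto3: iam.get_credential_report()["Content"].
SAMPLE_REPORT = """user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
alice,true,true,true,2024-01-10T08:00:00+00:00,2024-03-01T12:00:00+00:00
bob,true,false,false,N/A,N/A
svc-deploy,false,false,true,2023-06-01T00:00:00+00:00,2024-03-02T09:30:00+00:00
"""

MAX_KEY_AGE_DAYS = 90   # assumed rotation policy
MAX_IDLE_DAYS = 30      # assumed inactivity threshold

# The report uses these placeholders where no timestamp is available.
_NO_DATE = {"N/A", "no_information", "not_supported"}


def _parse(ts):
    return None if ts in _NO_DATE else datetime.fromisoformat(ts)


def _finding(now, user, check, detail):
    # One document per violation, timestamped for indexing.
    return {"@timestamp": now.isoformat(), "user": user, "check": check, "detail": detail}


def evaluate_report(report_csv, now):
    """Return a list of finding documents for every violated check."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        # Console users must have MFA enabled.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append(_finding(now, user, "mfa_missing", "console password enabled without MFA"))
        if row["access_key_1_active"] == "true":
            rotated = _parse(row["access_key_1_last_rotated"])
            if rotated and (now - rotated).days > MAX_KEY_AGE_DAYS:
                findings.append(_finding(now, user, "key_rotation_overdue",
                                         f"access key 1 age {(now - rotated).days}d > {MAX_KEY_AGE_DAYS}d"))
            used = _parse(row["access_key_1_last_used_date"])
            if used is None or (now - used).days > MAX_IDLE_DAYS:
                findings.append(_finding(now, user, "key_inactive", "access key 1 unused beyond threshold"))
    return findings


if __name__ == "__main__":
    for doc in evaluate_report(SAMPLE_REPORT, datetime(2024, 3, 5, tzinfo=timezone.utc)):
        print(json.dumps(doc))  # each line is an Elasticsearch-ready document
```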
AWS AS A CENTRAL PART OF THE SOLUTION
The solution was heavily built on multiple AWS services.
REALIZED RESULTS AND POTENTIALS
All of the customer's identity management requirements were fulfilled. The solution even surpasses the customer's currently implemented solutions regarding scalability and security. A very low rate of issues from customers accessing their resources via AWS IAM was achieved. Very good transparency of the compliance state of all IAM resources was established via AWS ElasticSearch (Age, Activity, …). Onboarding of new projects is handled in minutes, and a compliance report can be created on demand without any manual tasks involved.