Skip to content

Commit

Permalink
update readme.md for mfa
Browse files Browse the repository at this point in the history
  • Loading branch information
@RealityShift
RealityShift committed Sep 4, 2017
1 parent 2cd2c3f commit 7865a2f
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# IAM Roles for Startups
# IAM Roles for Startups



Expand All @@ -14,20 +14,20 @@ This project focuses on creating a skeleton of IAM roles for startups, with the

Follow Us On [![alt text][2.1]][2]

[2.1]: http://i.imgur.com/P3YfQoD.png
[2.1]: http://i.imgur.com/P3YfQoD.png
[2]: http://www.facebook.com/SingaporeTechEntrepreneurs/

## Role of Security

In this project, we try to place security above everything. We are trying to avoid accidental deletions. We are assuming that every team member will log in from known IPs. As an added layer of security, we are making MFA mandatory for every user that logs in, even admins.
In this project, we try to place security above everything. We are trying to avoid accidental deletions. We are assuming that every team member will log in from known IPs. As an added layer of security, we are making MFA mandatory for every user that logs in, even admins. To add the mandatory MFA, there is a policy called "forceMfa.json" that will need to be created and added to a group called FORCE_MFA. Each IAM user to be created, will need to be a part of the FORCE_MFA group. This policy will deny IAM user's access to AWS resources until they add their MFA and use it to authenticate.

## Assumptions

We are working with the following assumptions:

Presence of generic job roles.
In case an employee is wearing multiple hats, make sure you update accordingly. We have tried to block certain destructive actions like bucket deletion, accidental terminations for users who are not AWS admin like frontend and backend engineers.
Use of blacklist instead of whitelist to keep the roles tidy.
Use of blacklist instead of whitelist to keep the roles tidy.

## Job Profiles

Expand All @@ -49,8 +49,8 @@ Create groups based on job profiles and attach policy documents from this projec
- Submit a pull request :D


## Contributors
## Contributors

- Padmakar Ojha @dvopsway
- Michael Amurjuev @LawTech Enthusiast
- Michael Amurjuev @LawTech Enthusiast
- Kj Venky @kjvenky

0 comments on commit 7865a2f

Please sign in to comment.