Skip to content
/ Startup-AWS-IAM-Roles Public

A list of typical positions in a startup and their policies for IAM AWS.

146 stars 35 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TalEliyahu/Startup-AWS-IAM-Roles

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
large
large
 
 
midsize
midsize
 
 
small
small
 
 
README.md
README.md
 
 
ROLES.md
ROLES.md
 
 

Repository files navigation

IAM Roles for Startups

Motivation

Many startups are now using AWS infrastructure for their company, but being new to AWS, they are unaware of the importance of IAM ROLES. It's hard to remember the importance of your permissions structure when you're just starting out. Our goal is to provide the initial hand holding for the business owner with setting up IAM Roles with basic templates to expedite the process of moving you to AWS. After all, security is of utmost importance, especially starting out. Not starting with the right structure is going to cause accumulation of technical debt.

This project focuses on creating a skeleton of IAM roles for startups or any company moving to AWS. This provides the company with the ability to get started with little or no modifications. The project focuses on multi-size startup companies:

  • Small - 5 people
  • Midsize - ~12 people
  • Large - 40 or above

Follow Us On alt text

Role of Security

In this project, we try to place security above everything. We are deny'ing deletions in our policies to stop avoid accidental deletions. As an added layer of security, we are making MFA mandatory for every user that logs in, even admins. If anybody logs in without an MFA, the only permissions they will have is to turn on their MFA.

Assumptions

Based on best practices in AWS, ee are working with the following assumptions:

  • Presence of generic job roles.
  • Every user will log in from the companies external IP
  • Use of blacklist instead of whitelist to keep the roles tidy.

Job Profiles

We are considering job profiles across different verticals, i.e: business, finance, tech and ops.

read ROLES.md for role and its assumption details.

Setting Up Roles

  • Create IAM Policies for each Job Type
  • Create IAM Groups for each Job Type with respective IAM Policiy attached
  • Add users to IAM groups based on their position
  • ALL users need added to the FORCE_MFA group which has the FORCE_MFA policy attached.

Contributing

  • Fork it!
  • Create your feature branch: git checkout -b my-new-feature
  • stage your feature: git add <changed_file>
  • Commit your changes: git commit -m 'feat: add new feature' -m 'add my-new-feature, use it as: my-new-feautre(args)' -m 'closes #26'
  • Push to the branch: git push origin my-new-feature
  • Submit a pull request :D

Contributors

  • Padmakar Ojha @dvopsway
  • Michael Amurjuev @LawTech Enthusiast
  • Kj Venky @kjvenky

About

A list of typical positions in a startup and their policies for IAM AWS.

Topics

aws iam startup aws-iam startups iam-policy iam-role iam-profile iam-users iam-instance-profile

Resources

Readme
Activity

Stars

146 stars

Watchers

12 watching

Forks

35 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5