AWS Reference Architecture 1 - IAM with Review Control

As large companies want to control the security of their cloud environment as much as possible for their mission-critical applications, there is a need for a well-architectured review control where no one user has the power anymore of submitting IAM (Identity and Access Management) changes without a well-defined process.

The diagram below shows one option of implementing a full review process for IAM changes, which can include for example a Cloud SME, an End to End Architect and a Security Architect.

AWS Reference Architecture #1

Detailed workflow during production as below:

  1. Users will submit via a Git Push a JSON file with the IAM changes which they would like to be accepted. This change will be submitted into a separate branch and will not be part of the master branch until approved and cherry-picked.

  2. Power Users, which have the approval rights, will review the submitted change and either propose changes or approved from their own perspective.

  3. Once all approvals are in place, the change can be cherry-picked and merged into the master branch.

  4. While Gerrit supports an Active-Active scenario where both servers act as a master and are capable of processing requests, the backend database which Gerrit supports (either MySQL or PostgreSQL) will be deployed in a Master-Slave scenario.

  5. One-way replication of the Master Database will happen into the Slave Database. With a Multi-AZ deployment feature of AWS, automatic failover will be in place in case the Master Database will go down, the Slave Database automatically being promoted to a master if the sync link will be lost.

  6. Once the Git Push is cherry-picked into the master branch, Gerrit supports the mirroring of the master branch into a remote repository, which in this scenario is hosted in AWS using the CodeCommit functionality. Users do not require access into the CodeCommit repository, they require access only for submitting changes into Gerrit.

  7. Using a Git Webhook, once a new commit is present into the master branch, a Lambda function will run the JSON file and activate the required access which the user requested for.

Minimum requirement!

Users will require basic knowledge of how Git and Gerrit systems work from a User perspective.

For security reasons, the architecture is using two different VPCs so that a Security Group is in place between the two tiers of the solution.

For high-availability, the architecture is spanning two different Availability Zones, with no single point of failure.