Managing AWS Accounts, Roles, and Permissions Easily with jmpr
The Labs introduces a new product that addresses AWS account and user management challenges.
In EGT Labs, our product and solution ideas stem from challenges we or our clients experience in our own day-to-day work. As an example, our Cloudamatic automated cloud deployment and migration solution came out of our experience supporting dozens of client projects where we saw the same problem appear. Doing a manual “lift and shift” of multiple applications to a cloud environment was challenging, and we knew there was a better way to accomplish migration through automation. It’s a similar scenario with our Artificial Intelligence (AI)-chatbot Auxilium. In talking with our clients, we realized there was a need for a chatbot that leveraged AI and machine learning to provide interactive and conversational support to our customers’ users, while remaining open source and interoperable. With our Amazon Web Services (AWS) management product jmpr, we again created a solution that addressed our client’s toughest challenges. In our client and internal AWS projects, we found ourselves spending a lot of time navigating two separate but related challenges with account and user management in AWS: switching between accounts easily including multi-factor authentication (MFA) and managing AWS accounts on projects with a high rate of change.
Challenge 1: Switching Between AWS Accounts & Projects
Our AWS developers and administrators support multiple projects, with each project typically requiring continual transitions between multiple AWS accounts across different AWS partitions (e.g. Commercial, GovCloud). On any given day, we could be supporting one client project in one AWS environment, and then receive an urgent request to help with a task on another project. As the need to switch between AWS projects occurs, our team needs to complete 7-10 steps between projects (especially when MFA is enabled). Over a day, this time can be additive and converts into productivity loss.
Challenge 2: Managing AWS Accounts, Roles, and User Permissions on Large Projects
AWS administrators have a tough job. They need to manage all of the AWS accounts for a project, all of the users and their roles and permissions, along with ensuring they are abiding by AWS security best practices and auditing. What happens if a project spans across an organization, involving hundreds to thousands of AWS users with matrixed roles and permissions? What if there is a high occurrence of change through role escalations, staff transitions (e.g. personnel leaving and joining projects), and permissions escalations and de-escalations? What about automatic auditing to capture all account modifications? In a large corporation or organization, this scenario is an everyday reality and can evolve into a full-time job for AWS administrators.
Solution: Enter jmpr
We’ve developed jmpr – an AWS user and account management tool to solve these problems. With jmpr, AWS users gain a simple drop-down menu in their AWS console that allows them to quickly navigate between AWS environments in a single click – honoring MFA when enabled. With jmpr, there’s no requirement to reauthenticate with a password and input an MFA authentication code in each new account. jmpr takes care of the authentication as you click between accounts.
Administrators manage all their projects, user accounts, roles, and permissions through a unified jmpr user interface that provides complete operational oversight across all projects in a centralized UI. After administrators modify accounts, users and permissions, the administrative actions are captured, audited and made visible through the UI as well. This makes it simple to track the lineage of events and enforce good governance over all of your AWS projects and accounts.
Benefits & Impacts
44% to 88% annual staff cost savings over manual operations with increased savings as the number of AWS users increase. Without jmpr, permissions management rapidly becomes error prone and time prohibitive. Management using jmpr remains workable as the number of AWS users and accounts to be managed increases.
Apply access security easily, rapidly and flexibly across managed users
Manage large sets of customers and accounts securely
Reduce administrative burden and knowledge needed to administer accounts
Reduce training burden for AWS administrators
Increase auditability for an Authority to Operate (ATO) or AWS Competency
Faster response to issues through faster account access
Better segregation of projects in accounts for improved security boundaries
We use jmpr in the Labs every day when managing our internal AWS accounts (“drinking our own champagne”) and it’s a great solution for Federal agencies and commercial organizations who experience the above challenges or want a better way to manage their AWS user accounts and projects. If you would like to see a demo or learn more about jmpr, visit us at https://www.eglobaltech.com/jmpr-software.