Created an Executive Break-Glass Account
I received a special ticket from my infrastructure lead to create a break-glass account, to be used if a critical emergency ever affects the services currently deployed in my account. This account bypasses normal access controls, giving the designated executive immediate privileged access to high-level system accounts so they can complete critical tasks in the worst-case scenarios defined in the security policy. The account was created with an SSM document that sets up public RSA key authentication for it, authorized by executive request via my infrastructure lead.
```yaml
schemaVersion: "2.2"
description: "Create local user 'break-glass' and set up public key authentication"
parameters:
  PublicKey:
    type: "String"
    description: "The public RSA key for the 'break-glass' user"
    default: "ssh-rsa THISISAFAKEKEYDEMOgKCAgEAwOj0HtV9WpXkHxNy9Cfb THISISAFAKEKEYDEMOgKCAgEAwOj0HHmdVl5B3gIrydyODqj+gJcQp3Nhe7J THISISAFAKEKEYDEMOgKCAgEAwOj0Hp9FndXzXZ7SeP+5d+md9QKAFRmcgr/5qx THISISAFAKEKEYDEMOgKCAgEAwOj0HExkjujKKhqjghw//5h5ly5RO9Ztmc1s9 THISISAFAKEKEYDEMOgKCAgEAwOj0Hw/kzwp12ND59bTE4ZTKry6QL1MZIlsh O6P2zVHcxnl6wITDnEJdD5MVy/vupHK/4Kq6Nnmvna5aY4s/zfqu6Tsq+IzzQ6HR THISISAFAKEKEYDEMOgKCAgEAwOj0HXo1QESsM44YiJ2vQzjPB8i3rjy3+XE 80lOTExF3A2+r2y3wbE3g7y1wpk2+0/A2BrF5Q9x9R4KzvuMdU6I7Ny2NK1jCRdC THISISAFAKEKEYDEMOgKCAgEAwOj0HZlsQ4T9IdSxdwjWteoysI9N9IsYUS/CX mO9jww8f0Hz1xl0G+tL5AMTM6nmu9/WTHISISAFAKEKEYDEMOgKCAgEAwOj0H 8Kd5Yj8z78C5RbF0IbOB1lLUnkY+4PCfTpTHISISAFAKEKEYDEMOgKCAgEAwOj0H TXkwz2Vp5bcMvlgztAymN7sCAwEAAQ== email@example.com"
mainSteps:
  - action: aws:runShellScript
    name: createBreakGlassUser
    inputs:
      runCommand:
        - |
          # Create the account only if it does not exist yet, so the document can be re-run safely.
          if ! grep -q "^break-glass:" /etc/passwd; then
            useradd -m -s /bin/bash break-glass
          fi
          # SSM substitutes document parameters as {{ Name }}; a shell variable $PublicKey would be empty here.
          # The .ssh directory must exist and be owned by the user with 700/600 modes or sshd ignores the key.
          KEYS=/home/break-glass/.ssh/authorized_keys
          install -d -m 700 -o break-glass -g break-glass /home/break-glass/.ssh
          grep -qxF "{{ PublicKey }}" "$KEYS" 2>/dev/null || echo "{{ PublicKey }}" >> "$KEYS"
          chmod 600 "$KEYS"
          chown break-glass:break-glass "$KEYS"
          # Run Command executes as root, so this message is recorded in the command output rather than shown to the user.
          if [ "$(whoami)" != 'break-glass' ]; then
            echo "You are accessing this network as break-glass!"
          fi
```
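Because a break-glass account is privileged and rarely used, the key set it accepts should be audited against what the ticket approved. The script below is an added example, not part of the original post or its SSM document; it assumes the account home and an approved-keys file are passed as arguments, and the demo tree and key blob at the bottom are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added audit helper, not part of the original post or its SSM document.
# Checks that the break-glass account's authorized_keys holds exactly the approved
# key(s) and that the key material is protected from other local users.
# Assumption: the caller passes the account home and an approved-keys file, so the
# same function audits /home/break-glass or the constructed demo tree below.
# Normalize an authorized_keys-style file to "type blob" lines, dropping option
# prefixes (from=, command=) and comments so only the key itself is compared.
key_ids() {
  grep -oE '(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/=]+' "$1" | sort -u
}
# Octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
# Returns the number of failed checks (0 = key set is exactly as approved).
audit_break_glass_keys() {
  home_dir="$1"; approved_file="$2"; failures=0
  keys_file="$home_dir/.ssh/authorized_keys"
  [ -f "$keys_file" ] || { echo "FAIL: $keys_file missing"; return 1; }
  # 700/600: anything looser lets other local users read or replace the key set.
  [ "$(mode_of "$home_dir/.ssh")" = "700" ] || { echo "FAIL: .ssh is not mode 700"; failures=$((failures+1)); }
  [ "$(mode_of "$keys_file")" = "600" ] || { echo "FAIL: authorized_keys is not mode 600"; failures=$((failures+1)); }
  work=$(mktemp -d)
  key_ids "$keys_file" > "$work/present"; key_ids "$approved_file" > "$work/approved"
  comm -23 "$work/present" "$work/approved" > "$work/unapproved"   # present but not approved
  comm -13 "$work/present" "$work/approved" > "$work/missing"      # approved but not present
  if [ -s "$work/unapproved" ]; then
    echo "FAIL: key(s) added outside the ticketed process:"; cut -c1-40 "$work/unapproved"
    failures=$((failures+1))
  fi
  if [ -s "$work/missing" ]; then
    echo "FAIL: approved key(s) absent, account unusable in an emergency:"; cut -c1-40 "$work/missing"
    failures=$((failures+1))
  fi
  rm -rf "$work"
  echo "audit: $failures failure(s)"
  return "$failures"
}
# Constructed demo tree with a fake key blob: the approved ed25519 key, which the
# host restricts with a from= option and labels with a different comment.
demo_tree() {
  d=$(mktemp -d); mkdir -p "$d/home/.ssh"; chmod 700 "$d/home/.ssh"
  blob='AAAAC3NzaC1lZDI1NTE5AAAAIFAKEBLOBFORDEMOONLY00000000000000000000000000'
  printf 'ssh-ed25519 %s approved@example.com\n' "$blob" > "$d/approved"
  printf 'from="10.0.0.0/8" ssh-ed25519 %s break-glass\n' "$blob" > "$d/home/.ssh/authorized_keys"
  chmod 600 "$d/home/.ssh/authorized_keys"; echo "$d"
}
t=$(demo_tree); audit_break_glass_keys "$t/home" "$t/approved"   # prints: audit: 0 failure(s)
```

Run it periodically (for example as a second SSM document) and alert on a non-zero exit code; option prefixes and comments are ignored on purpose so a renamed entry cannot hide a key change.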
Ralph Quick, Cloud Engineer
Ralph Quick is a professional Cloud Engineer specializing in the management, maintenance, and deployment of web service applications and infrastructure for operations. His experience ensures services run efficiently and securely, meeting the needs of your organization or clients.