Maker Checker Concept Implementation on EC2 / S3 Resources



How can I implement a Maker Checker concept on my AWS account? For instance, I have 3 users, including the root user. The Admin wants to create/delete an EC2 instance, and as soon as he clicks Launch Instance after filling in all the details, or clicks Terminate Instance, the request should instantly go to the owner of the account, i.e. the root user, and upon his approval/disapproval the instance is created/terminated. As soon as the root user (owner) approves/disapproves the request, the instance is launched/terminated/rejected.

1 Answer

To implement a Maker Checker concept on your AWS account, you can utilize AWS Identity and Access Management (IAM) policies and workflows. Here's a high-level overview of the steps involved:

  1. Set up IAM roles and policies: Create an IAM role for the Admin user and configure policies that grant the necessary permissions for EC2 instance management. Also, create an IAM role for the Root User (Owner) with permissions to approve or reject the Admin's requests.

  2. Create an approval workflow: Develop a custom workflow or utilize AWS Step Functions to define the approval process. This workflow should include steps for requesting, approving, and rejecting EC2 instance operations.

  3. Request EC2 instance creation or termination: When the Admin user wants to create or delete an EC2 instance, they initiate the request through a web interface, API, or CLI command.

  4. Send request for approval: Once the Admin user submits the request, a notification or message is sent to the Root User (Owner) indicating the pending request for approval. This notification can be sent via email, AWS Simple Notification Service (SNS), or any other preferred method.

  5. Review and approve/reject the request: The Root User (Owner) reviews the request and decides whether to approve or reject it. This can be done through a custom approval interface or by directly modifying the state of the workflow.

  6. Execute the request based on approval: If the request is approved, the workflow proceeds to launch or terminate the EC2 instance using the credentials of the Root User (Owner). If the request is rejected, the workflow terminates without taking any action.

  7. Send notifications and update status: Once the EC2 instance is launched or terminated, notifications can be sent to the Admin user and other stakeholders to inform them about the status of the request.
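A concrete shape for steps 2 through 6, as an added example that is not part of the answer above: an AWS Step Functions definition (Amazon States Language) in which the maker's request pauses on a callback task token until the checker calls SendTaskSuccess with `{"approved": true}` (or SendTaskFailure), after which the state machine's own execution role launches or terminates the instance. REGION, ACCOUNT_ID, the topic name and the input fields `action`, `requester`, `imageId`, `instanceType` and `instanceId` are assumed placeholders.

```json
{
  "Comment": "Maker-checker approval for EC2 launch/terminate (added example, placeholders assumed)",
  "StartAt": "RequestApproval",
  "States": {
    "RequestApproval": {
      "Type": "Task",
      "Resource": "arn:aws:states:::sns:publish.waitForTaskToken",
      "Parameters": {
        "TopicArn": "arn:aws:sns:REGION:ACCOUNT_ID:maker-checker-approvals",
        "Message.$": "States.Format('Approval needed: {} requested by {}. Task token: {}', $.action, $.requester, $$.Task.Token)"
      },
      "ResultPath": "$.decision",
      "TimeoutSeconds": 86400,
      "Catch": [{ "ErrorEquals": ["States.Timeout", "States.TaskFailed"], "Next": "Rejected" }],
      "Next": "WasApproved"
    },
    "WasApproved": {
      "Type": "Choice",
      "Choices": [
        { "And": [
            { "Variable": "$.decision.approved", "BooleanEquals": true },
            { "Variable": "$.action", "StringEquals": "launch" } ],
          "Next": "LaunchInstance" },
        { "And": [
            { "Variable": "$.decision.approved", "BooleanEquals": true },
            { "Variable": "$.action", "StringEquals": "terminate" } ],
          "Next": "TerminateInstance" }
      ],
      "Default": "Rejected"
    },
    "LaunchInstance": {
      "Type": "Task",
      "Resource": "arn:aws:states:::aws-sdk:ec2:runInstances",
      "Parameters": {
        "ImageId.$": "$.imageId",
        "InstanceType.$": "$.instanceType",
        "MinCount": 1,
        "MaxCount": 1
      },
      "End": true
    },
    "TerminateInstance": {
      "Type": "Task",
      "Resource": "arn:aws:states:::aws-sdk:ec2:terminateInstances",
      "Parameters": { "InstanceIds.$": "States.Array($.instanceId)" },
      "End": true
    },
    "Rejected": { "Type": "Fail", "Error": "RequestRejected", "Cause": "Checker rejected, failed, or did not respond in time" }
  }
}
```

The separation only holds if the maker's IAM policy grants `states:StartExecution` on this state machine rather than `ec2:RunInstances` or `ec2:TerminateInstances` directly, and if the checker is a principal other than the maker; both the StartExecution and the SendTaskSuccess/SendTaskFailure calls are recorded in CloudTrail, which gives you the audit trail for who requested and who approved.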

By implementing this Maker Checker concept, you introduce an additional layer of control and accountability in your EC2 instance management process. It ensures that requests for creating or terminating instances are subject to approval from the Root User (Owner) before they are executed.

Note: Implementing such a workflow may involve some custom development work using AWS services and APIs. You can also explore third-party solutions or AWS Marketplace offerings that provide similar approval workflows and governance features.

answered a year ago
