New top story on Hacker News: Show HN: Sym, define just-in-time access workflows in code

Show HN: Sym, define just-in-time access workflows in code
21 by abuggia | 2 comments on Hacker News.
Hello HN, My cofounder (jon918) and I started Sym three years ago because we were frustrated with how hard it was to manage access to cloud infrastructure. We wanted to build a tool for JIT access that was actually designed for developers. We were wary of tools that tried to accommodate both devs and IT but ended up with usability compromises for both. First, we figured no one wants another web app to log into so we let administrators define access workflows in Terraform and let developers request and gain access via Slack. That seemed to pay off: being code-based was a big plus for our early customers since it let them manage the logic in version control and test in CI/CD. Second, we knew that updating permissions/roles/access was a major source of toil and risk in the world of cloud infrastructure. Have you ever tried to avoid annoying, persistent access requests by setting policies that are a bit more permissive than you’d like? We felt that fully automated just-in-time access + approvals could really help here. But we also knew that a simple approval tool could end up leading to request fatigue - kind of defeating the purpose. So we built an SDK to let you define checks in code (e.g. pagerduty.on_call, okta.is_user_in_group, github.get_repo_collaborators) in order to dynamically route requests or fast-track access when appropriate. This seems to be paying off: users are creating Slack-based approvals in front of different types of risky actions like production access, sensitive queries and triggering Lambdas. We’d love your feedback on our approach so far. Does this make sense to you? Is this a tool you'd use? What would you want to see out of it? To learn more, check out the video that Nick (nmeans (Sym VPEng)) made [1]. You can also check out our docs [2] or set up your own flow [3]. thanks! -adam [1] https://ift.tt/sNu1a5J [2] https://docs.symops.com [3] https://symops.com/signup

Comments

Popular posts from this blog