
AWS Vault – Managing AWS credentials in development environments - matharmin
https://github.com/99designs/aws-vault
======
matharmin
As a small startup, we give our entire development team full access to our AWS
accounts - we want as little overhead as possible to develop, deploy and
support our services. However, then storing those credentials on developer
machines can be a big security risk.

I've recently come across AWS Vault, and it seems to solve the problem in a
very nice way:

* You give very limited access to users by default.
* Each user can "AssumeRole" into an Admin role (or more specific role), with
  mandatory MFA, to perform changes to infrastructure.
* All other tools only ever have access to temporary credentials, never to
  your permanent credentials.

All of this can be done with the standard AWS CLI, but AWS Vault seems to give
very nice tooling around it.
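
An added example, not part of the original comment and not aws-vault's own code: the "mandatory MFA" in the setup described above is enforced by the role's trust policy, so this sketch audits a trust policy document for `sts:AssumeRole` grants that do not strictly require MFA. The function names and the three sample policies are constructed for illustration, and `111122223333` is a placeholder account ID.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def assume_role_without_mfa(trust_policy):
    """Return the Sid (or index) of every Allow statement that lets a
    principal call sts:AssumeRole without strictly requiring MFA."""
    findings = []
    for i, stmt in enumerate(_as_list(trust_policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        # Only a plain "Bool" test counts: "BoolIfExists" also matches when
        # the key is absent, which is the case for long-term access keys.
        bool_block = stmt.get("Condition", {}).get("Bool", {})
        keys = {k.lower(): v for k, v in bool_block.items()}
        value = keys.get("aws:multifactorauthpresent")
        if value is None or [str(v).lower() for v in _as_list(value)] != ["true"]:
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

def make_policy(sid, condition=None):
    """Build a constructed trust policy for the samples below."""
    stmt = {"Sid": sid, "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed samples: no condition, a lenient condition, a strict condition.
NO_MFA = make_policy("NoCondition")
LENIENT = make_policy("IfExists",
                      {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}})
STRICT = make_policy("RequireMfa",
                     {"Bool": {"aws:MultiFactorAuthPresent": "true"}})

if __name__ == "__main__":
    for policy in (NO_MFA, LENIENT, STRICT):
        condition = json.dumps(policy["Statement"][0].get("Condition"))
        print(condition, "->", assume_role_without_mfa(policy) or "ok")
```

The check recognises only the `aws:MultiFactorAuthPresent` form and exact action names; a policy that enforces MFA another way, or grants the action through a partial wildcard, needs manual review.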

