Opal + Amazon Web Services

Integration Overview

Opal supports broad integrations into Amazon Web Services through API-based connections. Without proxies or agents, Opal can automatically discover managed services and be deployed in minutes.

Use cases

  • Implement Least Privilege - Opal lets customers adopt granular, ephemeral access to critical resources
  • Accelerate Access Requests - Customers can delegate approvals to resource owners and managers and approve requests with one click in Slack
  • Streamline User Onboarding - Through integrations with popular identity providers, customers can bind resource-level access to their native group structures
  • Configure break-glass access - Opal lets customers automate emergency break-glass access via integrations with on-call providers and manual pre-approvals
  • Automate Access Reviews - Opal offers end-to-end automation for user access reviews: snapshotting user lists, notifying reviewers, providing a self-service review workflow, and generating automated reports

How it works

You can set up the AWS integration in minutes:

  • Select Amazon Web Services from the Application catalog
  • Tag infrastructure in AWS
  • Create an IAM user for Opal
  • Create the IAM user connection in Opal

IAM Roles

Developers can easily discover and request just-in-time, short-lived access to IAM roles. All access is granted through attributable federated IAM sessions. With Opal, engineers can assume roles via the AWS web console or the command line.

RDS database

Opal supports AWS-managed RDS databases out of the box. Database access can be scoped to any granularity your database allows, including table-level and even column-level access. Developers can easily discover and request just-in-time, short-lived access to RDS databases. All databases can be accessed using your favorite third-party database viewers, like Postico, or through the command line.

EC2 Instances

Opal supports AWS-managed servers using Amazon Secure Session Manager (SSM). This lets developers move away from private key rotation and manage server access through federated IAM sessions. In addition, all sessions are recorded and captured for later auditing!

EKS Clusters

Opal lets you define fine-grained access controls for Kubernetes clusters on EKS using federated IAM sessions. This simplifies access control by unifying it under AWS IAM, while letting developers connect easily and request new access to many different clusters. As with other integrations, sessions are logged and captured with clear attribution.