Reducing AWS Over Privileges

A simple guide that demonstrates how to view existing over privileges and convert them to dynamic Just In Time access with Apono



  • Reduce Over Privileges - Discover existing privileges to AWS roles, groups and services to convert to on-demand access flows to reduce over-privileges.
  • Self Service Access - Empower your developers to gain self-servable access to AWS services, buckets, instances and more using Slack.
  • Automated Approval Workflows - Create approval workflows to specific sensitive resources.
  • Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific S3 buckets, RDS or EC2 instances with MFA verification.
  • Review Access - View a detailed access audit of who was granted access to which specific instances, buckets or other resources in AWS.

Step By Step Guide

In this demostration we go through the following steps:

  1. Connecting an AWS account
  2. Viewing existing unused privileges in that account
  3. Creating a dyanmic Access Flow for those privileges.

See Apono in action: