SEC03-BP03: Establish emergency access process

Establish a process that allows emergency access to your workload in the unlikely event of an automated process or pipeline issue. This will help you rely on least privilege access, but ensure users can obtain the right level of access when they need it. For example, establish a process for administrators to verify and approve their request.

Implementation guidance

Even with well-designed systems and robust automation, emergencies can occur that require immediate access to resolve critical issues. An emergency access process (sometimes called “break-glass” access) provides a controlled mechanism for obtaining elevated privileges in urgent situations while maintaining security and accountability.

Key steps for implementing this best practice:

1. Define emergency scenarios:
   • Identify situations that qualify as emergencies
   • Document criteria for invoking emergency access
   • Establish severity levels for different types of emergencies
   • Define the scope of emergency access for each scenario
   • Create clear guidelines for when emergency access is appropriate
2. Design emergency access mechanisms:
   • Create dedicated emergency access roles with appropriate permissions
   • Implement time-limited access for emergency credentials
   • Consider using sealed emergency credentials (physical or digital)
   • Set up just-in-time access provisioning
   • Implement multi-person approval for emergency access
3. Implement strong controls:
   • Require multi-factor authentication for emergency access
   • Implement enhanced logging and monitoring for emergency credentials
   • Set up real-time alerts when emergency access is used
   • Enforce automatic expiration of emergency access
   • Consider IP restrictions or other contextual controls
4. Document emergency procedures:
   • Create step-by-step instructions for requesting emergency access
   • Document the approval process and required approvers
   • Provide clear procedures for using emergency access
   • Include instructions for revoking access after the emergency
   • Ensure documentation is accessible during emergencies
5. Establish governance processes:
   • Require post-incident reviews after emergency access use
   • Implement regular testing of emergency access procedures
   • Conduct periodic audits of emergency access controls
   • Update procedures based on lessons learned
   • Include emergency access in your security training
6. Secure emergency credentials:
   • Store emergency credentials securely
   • Implement rotation for emergency credentials
   • Limit knowledge of emergency access mechanisms
   • Consider using sealed envelopes or secure digital vaults
   • Implement monitoring for unauthorized access attempts

Implementation examples

Example 1: Emergency access role with approval workflow

Code snippet hidden for website display

Code snippet hidden for website display

Example 2: Break-glass procedure documentation

Code snippet hidden for website display

Example 3: AWS Systems Manager Automation for emergency access

Code snippet hidden for website display

AWS services to consider

AWS Identity and Access Management (IAM)

Enables you to manage access to AWS services and resources securely. Use IAM roles with appropriate permissions for emergency access.

AWS CloudTrail

Records API calls for your account and delivers log files to you. Use CloudTrail to monitor and audit emergency access usage.

Amazon CloudWatch

Monitors your AWS resources and the applications you run on AWS in real time. Set up alerts for emergency access usage and create dashboards for visibility.

AWS Secrets Manager

Helps you protect secrets needed to access your applications, services, and IT resources. Can be used to securely store emergency access credentials with rotation capabilities.

AWS Systems Manager

Gives you visibility and control of your infrastructure on AWS. Use Automation documents to create controlled emergency access workflows.

Amazon SNS

A fully managed messaging service for both application-to-application and application-to-person communication. Use SNS to send notifications when emergency access is requested or used.

Benefits of establishing an emergency access process

• Reduced operational risk: Ensures critical issues can be resolved quickly
• Enhanced security: Provides controlled access during emergencies while maintaining security principles
• Improved accountability: Creates clear audit trails for emergency access usage
• Better compliance: Demonstrates due diligence for regulatory requirements
• Increased confidence: Teams can implement strict access controls knowing emergency procedures exist
• Faster incident resolution: Clear procedures reduce confusion during emergencies
• Reduced standing privileges: Allows for tighter day-to-day access controls

Related resources

Related Resources

• AWS Well-Architected Framework - Establish emergency access process
• Creating a role to delegate permissions to an IAM user
• Configuring MFA-protected API access
• How to create a break-glass admin role for emergency access to your AWS environment
• How to implement a human review of code deployments by using AWS Lambda and Amazon SNS
• How to record SSH sessions established through a bastion host