Getting Started

What is Gatekeeper?

Gatekeeper is an application that we developed here at FINRA to automate the management of temporary access to EC2 and RDS resources in AWS.

How does Gatekeeper work?

EC2

For EC2, Gatekeeper uses AWS SSM (Amazon Simple Systems Manager) to create (and remove) temporary users on EC2 instances.

RDS

For RDS, Gatekeeper uses the AWS RDS API to connect to supported RDS instances and generates users with generic SQL queries specific to the engine of the RDS instance. Gatekeeper currently supports MySQL and Postgres.
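
The engine-specific queries described above could take the following shape. This is an added illustration, not Gatekeeper's own code: the function names, the CONNECT/SELECT grants, the `'%'` host and the 24-hour ceiling are assumptions.

```python
import re
import secrets
from datetime import datetime, timedelta, timezone

# Identifiers cannot be bound as query parameters, so allow only a strict pattern.
_IDENT = re.compile(r"[a-z][a-z0-9_]{0,30}")

def _ident(name):
    if not _IDENT.fullmatch(name):
        raise ValueError(f"unsafe identifier: {name!r}")
    return name

def grant_statements(engine, user, database, hours, now=None):
    """Return (password, expiry, [SQL]) creating a time-boxed database user."""
    user, database = _ident(user), _ident(database)
    if not 0 < hours <= 24:  # assumed policy ceiling for this example
        raise ValueError("hours must be between 1 and 24")
    expiry = (now or datetime.now(timezone.utc)) + timedelta(hours=hours)
    # token_urlsafe emits only A-Z a-z 0-9 _ -, so the literal cannot be escaped.
    password = secrets.token_urlsafe(24)
    if engine == "postgres":
        # VALID UNTIL expires the password only; sessions already open survive it.
        return password, expiry, [
            f"CREATE ROLE \"{user}\" LOGIN PASSWORD '{password}' "
            f"VALID UNTIL '{expiry.isoformat()}'",
            f'GRANT CONNECT ON DATABASE "{database}" TO "{user}"',
        ]
    if engine == "mysql":
        # No VALID UNTIL equivalent: expiry depends on revoke_statements() running.
        return password, expiry, [
            f"CREATE USER '{user}'@'%' IDENTIFIED BY '{password}'",
            f"GRANT SELECT ON `{database}`.* TO '{user}'@'%'",
        ]
    raise ValueError(f"unsupported engine: {engine}")

def revoke_statements(engine, user, database):
    """Return the SQL a scheduler runs at expiry to remove the user."""
    user, database = _ident(user), _ident(database)
    if engine == "postgres":
        return [
            f"SELECT pg_terminate_backend(pid) FROM pg_stat_activity "
            f"WHERE usename = '{user}'",
            f'REVOKE ALL PRIVILEGES ON DATABASE "{database}" FROM "{user}"',
            f'DROP ROLE IF EXISTS "{user}"',
        ]
    if engine == "mysql":
        # DROP USER does not close open sessions; they last until disconnect.
        return [f"DROP USER IF EXISTS '{user}'@'%'"]
    raise ValueError(f"unsupported engine: {engine}")
```

The two engines differ in what "temporary" means: Postgres can carry the expiry on the role itself, while MySQL access ends only when the removal statements actually run, so the scheduler that executes them is part of the security boundary.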

AWS Re:Invent 2017

See our blog post here for more information.

We also demonstrated the application in action at AWS Re:Invent 2017. The talk and the demo are available at the links below:

Full Talk

Gatekeeper @ Re:Invent 2017

Demo

Gatekeeper @ Re:Invent 2017

Why Gatekeeper?

In a transient environment where application instances are constantly being torn down and spun up, managing user access gets complicated. Gatekeeper resolves this by automating the creation of the user and making sure that the user is only valid for a temporary time period.

Since access is automated and temporary, using Gatekeeper can reduce the number of permanent users that get set up on an instance, making your resources more secure.

Gatekeeper also stores and logs all access requests, making user access fully auditable.