Building Robust Emergency Admin Access to AWS Accounts Using Yubikey and X.509 Certificates

Learn how to build robust emergency admin access systems for AWS accounts in this technical conference talk from fwd:cloudsec. Explore the implementation of secure emergency access using smart cards and x.509 certificates, with specific focus on AWS RolesAnywhere authentication technology, AWS PCA for certificate issuance, and Yubikey PIV mode for secure certificate protection. Discover insights from experienced security professionals Greg Kerr, Brett Caley, and Matt Jones as they share their journey at Block, detailing the complexities, challenges, and solutions in creating a production-ready system. Gain practical knowledge about disaster recovery, building blocks, scaling considerations, and funding requirements while understanding why such systems are specifically designed for emergency scenarios rather than daily usage. The presentation covers the complete process of developing an in-house emergency admin access solution that can be adapted for various vendors using business-owned hardware.