Frequently Asked Questions
What does Classicops do ?
Classicops helps you protect your production accounts by allowing just in time access to your AWS accounts. This means that anyone who requires access to your AWS account can request for access from an admin which when approved would give him access for a short duration. Once the duration has passed his access to the AWS account would be revoked.
How do we access your AWS Account ?
We provide two options to access your AWS Account. One is using Access Keys and Secret Keys. Another is using an IAM Role with an External ID that our AWS Account can use. Using an IAM Role with external ID would be the preferred way to keep it more secure and ensure that there is no need to rotate the keys regularly.
What IAM permissions do we require ?
We require AWS IAM permissions to create IAM Roles, IAM Managed Policies and the power to assume those IAM Roles.
How do I setup my AWS Account with Classicops ?
To use your AWS Account with Classicops, you would need to create an IAM Role with the a policy document that we will share with you. While creating the IAM Role, you would have to put in our AWS Account number and a unique ID given by us. After that, you would have to share the IAM Role ARN with us.
How does Classicops work ?
Classicops creates an AWS IAM role corresponding to every user in the AWS Account when that user is granted Access. The user can use that AWS IAM Role across teams in the same organisation. Once the time period for which the user was granted access ends, we remove the permissions associated with the IAM Role for the user. If that permission is the last one for the user, we also remove the role from the AWS Account.
Are my credentials safe with Classicops ?
All our data is stored on databases that are encrypted at rest. All the credentials that are stored with us are encrypted using application level encryption. The data never leaves our private network unencrypted. We audit the usage of the credentials.
I am worried about giving IAM Access to third parties.
Your credentials are safe with us and we use your credentials only for provisioning access for members from your organisation. But still we understand that you might have certain requirements. We plan to provide self hosted offerings so that you can run our solution on your platform. Get in touch with us at firstname.lastname@example.org.
What type of access can Classicops provision ?
Classicops can provision access to the AWS CLI and the AWS console for every user. This access is provisioned using temporary credentials that are valid for 1 hour.
Do you plan to support GCP and Azure ?
Yes, we plan to support GCP and Azure down the road.
What are the pricing options ?
Our product is free through our beta. We plan to start with plans from 10 dollars per user per month.