Re: Taking over root on legacy AWS account
Hi Ross
Sorry, I did not respond earlier.
On Tue, Aug 23, 2022 at 10:55:27PM -0700, Ross Vandegrift wrote:
> On Fri, Aug 12, 2022 at 05:37:33PM +0100, Marcin Kulisz wrote:
> > My take on the latter would be that one of the delegates if we'd have a chair
> > would be holding MFA to this account and this would be passed along this line to
> > the next one and it should be an obligation of the chair to do it be.
> > I would nominate Ross as the person usually chairing our meetings.
> > Any other ideas or suggestions how to do it?
> Bastian suggested storing it in the password repo [1]. I like that since it
> supports providing access to multiple people via their gpg keys. I don't quite
> understand how to use pwstore, but the idea seems simple enough.
The main problem with that is for now: we don't have control over the
phone number associated with our accounts. This means we can't recover
from broken MFA without help of the support.
As I said in the last meeting, I don't know a useful way to rectify
that missing access to a shared phone number.
Because none of the new accounts have MFA enabled, maybe it is okay to
just transfer the account without it as well.
Regards,
Bastian
--
I object to intellect without discipline; I object to power without
constructive purpose.
-- Spock, "The Squire of Gothos", stardate 2124.5