Case Study: Developers Ephemeral Production Access – MongoDB & More

A leader in Human Resources & Recruitment Optimization has expanded its operations to new AWS regions and requires a manageable, dynamic, and secure way to manage access, one that adheres to customer requirements while meeting operational needs.

The Challenge

The company wants to give developers access to the MongoDB databases in its production environment. To comply with customer compliance restrictions and prevent human error, it requires:

  1. Provide Right-Size IAM – Grant developers “Just-Enough” access to resources for a “Just-in-Time” period, reducing the chance of human error and adhering to customers' requirements.
    For example:
    • Read-only access to production MongoDBs – on demand via ChatOps
    • Read/Write access to production MongoDBs – on demand via ChatOps, with approval

  2. Scalable – The company had developed an internal solution that could not keep up with its growth; it requires a solution that can meet any scale of operations.

  3. Full Audit Trail – A solution that will document each step of the request/approve process including access justification, enabling full transparency of customer production access whenever it is required.

  4. One-Stop-Shop – A single solution that will manage permissions across all of the organization's cloud resources:
    • MongoDB
    • Kubernetes
    • S3
    • PostgreSQL
    • Elasticsearch

“We rely heavily on MongoDB in our production environment. Managing access to it has proven to be a challenge, to say the least. Our internal solution had its glory days but was unable to meet our welcomed growth.”

DevOps Lead @ HR Company

The Solution – Apono Dynamic Access Flow

Using Apono’s platform, the company now has the ability to meet all the project requirements:

  1. Automatically grants Read access to developers who are within context and belong to the designated group; see the access flow below:
    Automatic Access to MongoDb for Developers – Apono Access Automation
  2. ChatOps – Using the organization's Slack, developers can now request Read/Write access in a simple, intuitive way.
    Developer temp read:write access to production – Apono Aut
  3. Scalable – Apono’s Access Flows can meet any scale and do not require adjustment according to growth.

  4. Full Audit Trail – Each action taken by the requester or approver, along with its justification, is recorded and can be viewed.

  5. Centralized management of all cloud resources improves DevOps productivity while reducing MTTR.