A couple of years ago we reviewed the way we manage our teams’ SSH accesses. We were looking for three key areas of improvement: service-level granularity, flexibility to give time-bounded accesses, and finally good traceability for auditing purposes.
TL;DR we decided to move towards certificate-based accesses with BLESS (by Netflix OSS), an “SSH Certificate Authority that runs as an AWS Lambda function and is used to sign SSH certificates from public keys”. In this first article, we detail why we made this choice as well as alternate solutions we dismissed.
Robert Dupuy
VP Engineering
Natural born geek with an entrepreneur spirit that loves to discuss around anything tech related, management related or neat cultural differences. My main focus has always been building dev and infra teams, leading them to scale the business in a very automated way.