A benchmark of available solutions

A couple of years ago we reviewed the way we manage our teams’ SSH access. We were looking for improvement in three key areas: service-level granularity, the flexibility to grant time-bounded access, and good traceability for auditing purposes.

TL;DR: we decided to move towards certificate-based access with BLESS (by Netflix OSS), an “SSH Certificate Authority that runs as an AWS Lambda function and is used to sign SSH certificates from public keys”. In this first article, we detail why we made this choice as well as the alternative solutions we dismissed.

Initial setup: Bastion & SSH public key

In this setup, access to our cloud infrastructure was done…

Marc-Enzo Bonnafon
