Amazon Web Services (AWS)

Cloud

Amazon Web Services (AWS)

Cloud

Amazon Web Services (AWS)

Cloud

Opal supports broad integrations into Amazon Web Services through API-based connections. To support enterprise deployments, we integrate with AWS Accounts, AWS Organizations, and AWS Identity Center (formerly known as SSO). Without proxies or agents, Opal can automatically discover managed services and be deployed in minutes. To explain our integration approaches, we have created a deployment overview.

IAM Roles

Developers can easily discover and request for just-in-time short-lived access for IAM roles. Additionally, developers can request for the creation of new IAM roles.

All access is granted through attributable federated IAM sessions. With Opal, engineers can access roles via AWS web console or command line.

RDS database

Opal supports AWS-managed RDS databases out of the box. Database access can be scoped to any granularity your database allows including table and even column-level access. Developers can easily discover and request for just-in-time short-lived access to RDS databases. All databases can be accessed using your favorite 3rd party database viewers, like Postico, or through the command line.

EC2 Instances

Opal supports AWS-managed servers using Amazon Secure Session Manager (SSM). This allows developers to move away from private key rotation and manage server access using federated IAM sessions. In addition, all sessions will be recorded and captured for later auditing!

EKS Clusters

Opal lets you define fine-grained access controls to Kubernetes clusters on EKS using federated IAM sessions. This simplifies and unifies access controls to AWS IAM while enabling developers to connect easily and request new access to many different clusters. Similar to other integrations, sessions are logged and captured with solid attribution.


Opal + AWS Use Cases
Protect against breaches with least privilege

  • Grant just-in-time access to AWS resources that are auto-expiring and fully audited using Slack

  • Ensure that privileged roles have the appropriate identity governance and approval configurations, such as multi-stage approvals, max duration, custom fields, and more

Accelerate employee access on paved roads

  • Enable resource owners with the most context to approve access requests and provision access automatically via Slack

  • Accelerate employee onboarding by enabling managers to request on behalf of their reports or enabling self-service discovery of resource bundles

  • Automate on-call access by provisioning and deprovisioning access via on-call schedules

Simplify compliance without manual overhead

  • Automate user access reviews so compliance teams can snapshot user listings, assign reviewers to self-service reviews, propagate access changes, and generate an auditor-friendly access report

  • Review access of employees who have recently transferred roles or departments

Can't find your desired integration?

Add your request to be among the first to know when it's available.