ConsoleMe
GitHub
  • About
  • Architecture
  • Features
    • Credentials
      • AWS Console Login
      • AWS Credential Broker
    • Policy Management
      • Policies View
      • Policy Editor for IAM, SQS, SNS, and S3
      • Self-Service IAM Wizard
      • Policy Request - Review Page
      • Role Creation and Cloning
  • Demo
  • Quick Start
    • Docker
    • Local
  • Prerequisites
    • Required IAM Permissions
      • Central Account
      • Spoke Accounts
  • Configuration
    • Web App Authentication and Authorization
      • Local Development (Auth bypass)
      • ALB Auth (Recommended)
      • Retrieving Google Groups
      • OIDC/OAuth2
        • Cognito
        • Okta
      • SAML
      • Plain-Text Headers
    • Role Credential Authorization
      • Role Tags
        • Role Tagging Service Control Policy (Recommended)
      • Role Authorization through Dynamic Configuration
      • Custom Authorization (Internal Plugin)
    • Account Syncing
    • Metrics
    • Dynamic Configuration
    • AWS Resource Syncing
    • CLI Authentication
    • Sending email through SES
    • AWS Secret Manager Integration
    • CloudTrail Integration via AWS Event Bridge
    • Slack Notifications
  • Celery Tasks
    • Celery Flower
  • Development Guide
    • UI Components
    • Managing Dependencies
  • Deployment Strategies
  • Contributing
  • FAQ
  • License
  • Security
  • Weep CLI
    • Getting Started with Weep
    • AWS Credentials in the CLI using Weep and ConsoleMe
    • Configuration
    • Commands
      • List
      • Serve
      • Export
      • File
      • Credential Process
    • Assuming Roles
    • Advanced Configuration
      • Routing for Metadata Service
      • Shell Completion
Powered by GitBook
On this page

Was this helpful?

  1. Features
  2. Policy Management

Self-Service IAM Wizard

PreviousPolicy Editor for IAM, SQS, SNS, and S3NextPolicy Request - Review Page

Last updated 3 years ago

Was this helpful?

ConsoleMe's self-service wizard walks your users through the process of requesting the permissions they need, without needing to know the IAM JSON policy syntax.

Step one of the wizard asks the user to identify the name of their application or role requiring permissions. After choosing their role, we show them context about the role that they can confirm before proceeding to the next step.

Step 2 of the wizard offers a configurable set of permission choices in plain English. Users are able to add the permissions they want. Most of the fields requiring a resource ARN offer a typeahead based on the ARNs we know about in your environment.

In Step 3 of the wizard, most users can type in their justification and submit their policy request. Today, these requests will go to your cloud administrators. In the future, we plan to redirect requests to the appropriate owners of the resources that you're requesting access to.

Advanced users can choose to modify the JSON policy generated for their request, and submit the modified request instead.

Here's a feature video:

https://youtu.be/txnYP0BlIToyoutu.be