ConsoleMe uses Celery to run tasks on a schedule or on-demand such as data processing and caching or AWS Infrastructure updates and modifications.
#MANAGE NETFLIX ACCOUNTS MANUAL#
As the company scales, this centralized and manual management approach falls over, becoming impractical for both operations teams and their users.Ĭurtis Castrapel, senior cloud security software engineer at Netflix, presented at the latest AWS re:Invent "Untangling multi-account management with ConsoleMe", a talk that covers the new tool and a demo of the functionalities. They are the one-stop-shop for cloud permissions and access. At many companies, managing cloud hygiene and security usually falls under the infrastructure or security teams. This is an amazing movement providing numerous opportunities for product innovation, but managing this growth has introduced a support burden of ensuring proper security authentication & authorization, cloud hygiene, and scalable processes.
Groups beyond software engineering teams are standing up their own systems and automation. Growth in the cloud has exploded, and it is now easier than ever to create infrastructure on the fly. With an article on the Netflix Technology Blog, the team explains the motivation behind ConsoleMe: In the last year, as for InfoQ's coverage, the company has released the Domain Graph Service Framework and Dispatch, their crisis management orchestration framework. Starting with Chaos Monkey, a project released in 2012 that randomly terminates EC2 instances, Netflix has open-sourced different products used to manage their AWS infrastructure and other internal projects.
Extensible and pluggable, the tool currently supports permissions for IAM roles, S3 buckets, SQS queues, and SNS topics using the built in policy editor. The tools provide a central control plane for permissions management across all of AWS accounts of an organization and help to implement the principle of least privilege.ĬonsoleMe allows users to access the AWS console, retrieve and serve short-lived AWS credentials through Weep, request IAM permissions through a step-by-step self-service wizard, create or clone IAM roles across accounts or use policy editors for advanced requests.
Netflix has recently open-sourced ConsoleMe, a AWS multi-account management service, and its CLI utility, Weep.