Direct Access - AWS Security Incident Response Guide

Direct Access

To give incident responders direct access, deploy an AWS IAM role into the AWS accounts that your security engineers or incident responders can assume during a security event. The incident responder authenticates either through a normal federated process, or through a special emergency process, if the incident impacts your normal authentication process. The permissions you give the incident response IAM role depend on the actions you anticipate the responders to perform.