DAY2™  believes and ensures Least privilege permission model across our platform operations. Our aim is to ensure that our customers are in full control of what permissions that they give out and keep our access granular to the scope of every operation.

In DAY2™, we create specific roles with least permissions to solve the purpose of the operation and nothing more. The IAM roles in your AWS Account are attached with the least permissions that it requires and also, with AWS Managed policies which is recommended by AWS. 

We create one or more IAM roles to perform actions in each of the following features. These roles are created in your AWS Account only when you want to perform the operation, and only with your consent. We want to ensure that your account only has permissions that it requires and nothing more. You are in full control of what permissions you give to DAY2™. 

The IAM roles created for our features are mentioned below -

  1. Full Visibility
  2. Security
  3. Compliance
  4. Server Management
  5. Provisioning & Governance
  6. Application Management

However, in order to create these specific roles at the time of the operation, DAY2™ needs the permissions to create the role and attach it with the right policies. To achieve this, we take create MontyCloud-Admin Role which is attached with Amazon Managed AdministratorAccess Policy which is recommended by AWS. This helps you take full advantage of all the features in DAY2™  without having to worry about going AWS Console ever again. If not, you would have to go to the AWS console to create granular permissions for every operation.