Identity is now the cloud security perimeter. With every new cloud service or application that is adopted and with every new employee hired comes an increase in security risk. Over time, cloud environments become a web of identities that is complex to manage, govern and secure.

Effective access control is critical to reduce identity risk, but unfortunately comes with implementation challenges: slow and manual request processes, friction in engineering workflows and scalability problems.

Common Fate is an authorization engine for internal access, which automates cloud access for engineers using centralised context and workflows.

Common Fate is designed to be hosted in your own cloud environment and is deployed using Terraform.

Visibility

Common Fate provides analytics to identify unused entitlements. We scan audit trails across each cloud account and create a centralised usage report.

Your cloud provider has some built-in services to provide IAM analytics, like AWS IAM Access Analyzer. Our analytics are different in that our results span usage across all of your cloud accounts, rather than findings for an individual IAM role. In practice we’ve found this to be complementary to analysis tooling like IAM Access Analyzer.

Currently, we support entitlements analysis for AWS IAM Identity Center.
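The cross-account idea described above can be sketched as follows. This is an added example, not Common Fate's code: it merges constructed CloudTrail-style records from two accounts and reports IAM Identity Center assignments with no activity in a look-back window. The function names, the 90-day window and the sample data are assumptions, as is the session name carrying the user's sign-in name.

```python
import re
from datetime import datetime, timedelta, timezone

# IAM Identity Center role sessions appear in CloudTrail as
# arn:aws:sts::<account>:assumed-role/AWSReservedSSO_<PermissionSet>_<16 hex>/<user>
SSO_ARN = re.compile(
    r"^arn:aws:sts::(\d{12}):assumed-role/AWSReservedSSO_(.+)_[0-9a-f]{16}/(.+)$")

def last_used(events):
    """Map (user, account, permission set) -> most recent event time."""
    seen = {}
    for ev in events:
        m = SSO_ARN.match(ev.get("userIdentity", {}).get("arn", ""))
        if not m:
            continue  # IAM user, service role, etc.: not an Identity Center session
        account, permission_set, user = m.groups()
        when = datetime.fromisoformat(ev["eventTime"].replace("Z", "+00:00"))
        key = (user, account, permission_set)
        if key not in seen or when > seen[key]:
            seen[key] = when
    return seen

def unused_entitlements(assignments, events, now, max_age_days=90):
    """Assignments with no recorded use inside the look-back window, sorted."""
    cutoff = now - timedelta(days=max_age_days)
    used = last_used(events)
    return sorted(a for a in assignments if a not in used or used[a] < cutoff)

def _event(account, role, user, time):  # builds a constructed CloudTrail-style record
    return {"eventTime": time,
            "userIdentity": {"arn": f"arn:aws:sts::{account}:assumed-role/{role}/{user}"}}

# Constructed sample data: events merged from two accounts, plus current assignments.
SAMPLE_EVENTS = [
    _event("111111111111", "AWSReservedSSO_AdministratorAccess_0123456789abcdef",
           "alice@example.com", "2024-05-20T09:15:00Z"),
    _event("222222222222", "AWSReservedSSO_ReadOnlyAccess_fedcba9876543210",
           "alice@example.com", "2024-01-10T14:02:00Z"),
    _event("111111111111", "ci-deploy-role", "build-42", "2024-05-30T08:00:00Z"),
]
SAMPLE_ASSIGNMENTS = [
    ("alice@example.com", "111111111111", "AdministratorAccess"),
    ("alice@example.com", "222222222222", "ReadOnlyAccess"),
    ("bob@example.com", "111111111111", "AdministratorAccess"),
]

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for user, account, pset in unused_entitlements(SAMPLE_ASSIGNMENTS, SAMPLE_EVENTS, now):
        print(f"unused: {user} -> {pset} in {account}")
```

An assignment is reported both when it was never exercised and when its last use predates the window, which are the two cases worth reviewing for removal.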

Access Workflows

Common Fate supports access workflows to allow end users in your organization to securely access production cloud environments.

Using Common Fate’s authorization policies you can define policies for automated and manual approvals, and route access requests through Slack. Policies can include contextual information about the user and resource, such as:

  • if the user is on-call in PagerDuty or OpsGenie
  • attributes on the resource the user is accessing, such as the AWS account or GCP project tags
  • group membership from your corporate identity provider such as Microsoft Entra