yubidisaster: Building Robust Emergency Admin Access to AWS Accounts
In this talk, we will explore the process of building in-house emergency admin access to our AWS accounts at Block, leveraging standard technologies like smart cards and X.509 certificates that should work with many vendors, using hardware owned by the business.
In our specific case, we used AWS Roles Anywhere authentication technology, AWS PCA for certificate issuance, and YubiKey PIV mode for secure certificate protection.
This talk will provide insights into the complexities of implementing secure emergency access, the challenges we faced, and how we overcame them to create a more secure and efficient system. The system has been successfully used in production.