2025-10-02 · Priya Natarajan
Why we rehearse break-glass access with CloudTrail exports
Break-glass flows fail when evidence collection is an afterthought—here is the rehearsal format we use.
Elevated access drills rarely fail because people forget passwords. They fail because nobody practiced exporting evidence within the first ten minutes of a decision.
We structure the IAM Guardrails cohort rehearsal in four beats: trigger, approval, action, and evidence bundle. Each beat has a checklist stored next to the runbook, not buried inside a wiki tree.
During the live clinic, mentors inject a deliberate constraint—CloudTrail lag or a missing tag—to simulate messy reality. Participants narrate their screen so observers from risk teams can follow without understanding IAM JSON.
The closing paragraph focuses on documentation hygiene. If your bundle cannot explain why elevated access was proportional to the incident, the rehearsal is marked incomplete even when the technical steps succeed.