Idea ID: 2877462

LoadRunner Controller to implement MFA or temporary security credentials for managing AWS resources with AWS API calls

Status: Waiting for Votes

Opening for votes to see what customer demand is for this ER

See status update history

With current heightened security concerns, my organisation has put in place strict security measures for accessing applications.

For AWS console login, login with MFA is mandatory. Else all AWS services will not be accessible, with the exception of self-managed security credentials actions.

We have been using AWS to provisioning and managing load generators within loadrunner controller using AWS IAM user access key and secret key.

After enforcing the mandatory MFA access, it no longer works.

According to AWS it is recommended approach to use temporary security credentials in view of application services security concerns. It requires additional details (session token, etc.) to be included into AWS API calls

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html

Perhaps LoadRunner product team should enhance the product to support the recommended approach in calling AWS APIs.

Parents
  • , That is why in our department we are using LRE iso LRP. Auto deployment of LGs in AWS, no external access needed, only inside the VPC. SSO access to LRE server. The Controllers live only inside the VPC as well. For admin RDP access we use AWS SSM access (can be tight to SSO as well).

    How to ask questions

    Reward contributions via likes or 'verified answers'

  • Unfortunately our department is not using LRE.
    We only use AWS resources to for internet facing applications and for high user concurrency load.

    Most of our target applications are intranet based. As it is hosted within private environment and clients' security concerns, we can't use resources from public internet as test machines.

    I believe all vendors have their own budgets and use cases to implement LRE.

  • LRE has the 'concept' of LG's over firewall. The on-prem LGs reach out to a LRE-listener near LRE to conact. This is how we implement on-prem (or cross AWS account) testing. We use strict IP whitelisting on the LRE-listener from the on-prem locations (and one can secure further).

    How to ask questions

    Reward contributions via likes or 'verified answers'

  • Aware of the features of LRE.

    Unfortunately, we are not testing any in-house application within our organisation.

    We are providing testing services to our clients. Thus we don't have the luxuries of implementing the required resources within clients privately hosted environments. Furthermore, our clients engages our testing services on ad-hoc basis.

    As such, my superiors do not see a strong use case for LRE.

  • Yes agreed, LRE in a consultancy organization on an adhoc-basis is less useful indeed. I do not need to tell you how beneficial performance regression testing is. But for the end-users it is a grow path to maturity of their product stack.

    How to ask questions

    Reward contributions via likes or 'verified answers'

Comment Children
No Data