Re: IAM permissions adjustment on AWS


On Thu, Aug 10, 2017 at 08:28:44AM +0100, kuLa wrote:
> I've recently been fiddling a lot with permissions on the Debian AWS account and it's
> been pointed out to me that it's worth considering updating IAM settings a bit.
> Having the above in mind and that DDs are already trusted enough :-) I'm thinking
> about giving full RO to all DDs who have access to the AWS account.
> What are people's thoughts about this?

I was the one bringing this up.  In the beginning I just wanted to see
what real world AWS IAM policies look like and maybe learn a little
about that permission system.  This would also enable me to provide
complete patches if modifications are necessary.  

I started with trying to access this information using the web interface
and every time a new required permission kept popping up.  The current
workflow of granting read permissions one by one does not really scale.
So I asked the question if there are information and services inside
this account that are so secret that fellow DDs would not be allowed to
read them.


