On Thu, Aug 10, 2017 at 08:28:44AM +0100, kuLa wrote:
> I'm recently fiddling a lot with permissions on the Debian AWS account and
> been pointed to me that it's worth considering updating IAM settings a bit.
> Having above in mind and that DDs are already trusted enough :-) I'm thinking
> about giving a full RO to all DDs which are having access to the AWS account.
> What are the people thoughts about this?
I was the one bringing this up. In the beginning I just wanted to see
what real world AWS IAM policies look like and maybe learn a little
about that permission system. This would also enable me to provide
complete patches if modifications are necessary.
I started with trying to access this information using the web interface
and every time a new required permission kept popping up. The current
workflow of granting read permissions one by one does not really scale.
So I asked the question if there are informations and services inside
this account that are so secret that fellow DD would be not allowed to
If a man had a child who'd gone anti-social, killed perhaps, he'd still
tend to protect that child.
-- McCoy, "The Ultimate Computer", stardate 4731.3