On Thu, Aug 10, 2017 at 08:28:44AM +0100, kuLa wrote: > I'm recently fiddling a lot with permissions on the Debian AWS account and > it's > been pointed to me that it's worth considering updating IAM settings a bit. > > Having above in mind and that DDs are already trusted enough :-) I'm thinking > about giving a full RO to all DDs which are having access to the AWS account.
Yes please. The current restrictions are very difficult to work with. Broader RO access is a good start. Not only RO permissions need to be updated. I recently replaced my MFA device and found that I don't even have permission to update my IAM role's MFA settings. (Do I even have permission to change my own password? I haven't tried yet.) noah
Description: PGP signature