On Thu, Aug 10, 2017 at 08:28:44AM +0100, kuLa wrote:
> I'm recently fiddling a lot with permissions on the Debian AWS account and 
> it's
> been pointed to me that it's worth considering updating IAM settings a bit.
> 
> Having above in mind and that DDs are already trusted enough :-) I'm thinking
> about giving a full RO to all DDs which are having access to the AWS account.

Yes please. The current restrictions are very difficult to work with.
Broader RO access is a good start.

Not only RO permissions need to be updated. I recently replaced my MFA
device and found that I don't even have permission to update my IAM
role's MFA settings. (Do I even have permission to change my own
password? I haven't tried yet.)

noah

Attachment: signature.asc
Description: PGP signature

Reply via email to