Re: IAM permissions adjustment on AWS

2017-08-10 Thread paul
This snippet might be of use. This is what I use on my general 'all-users' group, to keep any users not specified out of my s3 ops bucket with some private keys in it. You specify the blessed users by IAM user ID, and everyone else is denied. I assume you could use a similar pattern on other

Re: IAM permissions adjustment on AWS

2017-08-10 Thread Noah Meyerhans
On Thu, Aug 10, 2017 at 08:28:44AM +0100, kuLa wrote:
> I'm recently fiddling a lot with permissions on the Debian AWS account and it's
> been pointed to me that it's worth considering updating IAM settings a bit.
>
> Having above in mind and that DDs are already trusted enough :-) I'm

Re: IAM permissions adjustment on AWS

2017-08-10 Thread James Bromberger
The only down side of this would be any secrets stored in any SSM Parameter Store locations, but at this point in time I don't think there are any; historically, people would store secrets into S3 buckets (probably client-side encrypted, definitely server side encrypted). These secrets could be

Re: IAM permissions adjustment on AWS

2017-08-10 Thread Bastian Blank
Hi

On Thu, Aug 10, 2017 at 08:28:44AM +0100, kuLa wrote:
> I'm recently fiddling a lot with permissions on the Debian AWS account and it's
> been pointed to me that it's worth considering updating IAM settings a bit.
> Having above in mind and that DDs are already trusted enough :-) I'm

IAM permissions adjustment on AWS

2017-08-10 Thread kuLa
Hi All, I'm recently fiddling a lot with permissions on the Debian AWS account and it's been pointed to me that it's worth considering updating IAM settings a bit. Having above in mind and that DDs are already trusted enough :-) I'm thinking about giving a full RO to all DDs which are having