7 comments

[ 2.6 ms ] story [ 29.4 ms ] thread
This made me put "sign up on gun.io" on my to-do list. Very cool talk, very sympathetic guy (+1 for rapid fire info,+10 for making a stand for hacker aesthetics and fun in hacking)
Thanks man! :D
Is the repo still empty due to that one little NDA tidbit? o_O
Great Talk.
Have to watch this guy, next time he gives a talk. Rapid but motivational.
AKA!!!

So, if IAM is the keys to the city for Lambda, how can I be sure I'm using IAM correctly on AWS (Since AWS documentation is not great). Any suggestions? (asking for a friend...)

(Presenter here) - My opinion is that there is no magic bullet here. There are some 3rd party tools that can help to audit your IAM usage for large organizations, but I think manual review is necessary. I think Amazon is also starting to roll out some of there own tools. There are some general best practices you can implement - keep production on a different _account_, don't allow the use '*' anywhere, things like that.

After the talk, I spoke to a nice Dutch man who told me the way they handled it at their company was to randomly turn off an overly broad permission and see who came to complain!