Hacker News
by toomuchtodo 3203 days ago
> and you can set up IAM roles and whatnot to share your API keys between accounts. That gives you at least some isolation, but still lets you GSD the same way as if you have a single account.

Do not do this. You are defeating the purpose of account level separation if you're sharing API keys between accounts. Each AWS environment should be totally segregated from the others (cross-account IAM permissions only if you must), limiting the blast radius in the event of human error or a malicious actor.

Source: Previously did devops/infra for 6 years, currently doing security
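As an added illustration, not part of the thread above, of what "cross-account IAM permissions only if you must" looks like in practice: instead of copying an access key from one account into another, the target account publishes a role whose trust policy names exactly one role in the source account and requires an external ID, and the source account calls sts:AssumeRole to get short-lived credentials. The account IDs, role name and external ID below are placeholders, and lint_trust_policy is a small check of my own (not an AWS tool) that flags the trust-policy shapes that quietly recreate the shared-key problem.

```python
import json

# Constructed placeholder values: not real accounts or secrets.
SOURCE_ACCOUNT = "111111111111"        # account where the deploy/CI role lives
TARGET_ACCOUNT = "222222222222"        # account whose resources it needs to touch
EXTERNAL_ID = "deploy-pipeline-7f3a"   # hypothetical external ID agreed out of band


def cross_account_trust_policy(source_account: str, source_role: str, external_id: str) -> dict:
    """Trust policy for a role in the target account.

    Only the named role in the source account may assume it, and only when the
    caller presents the external ID. No long-lived key leaves either account;
    sts:AssumeRole returns temporary credentials that expire on their own.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{source_account}:role/{source_role}"},
                "Action": "sts:AssumeRole",
                "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
            }
        ],
    }


# A trust policy that grants the role to anyone who can call sts:AssumeRole,
# from any account: functionally no better than a shared static key.
LOOSE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}
    ],
}

# Conditions that actually narrow who may assume the role.
SCOPING_CONDITION_KEYS = {"sts:ExternalId", "aws:PrincipalOrgID", "aws:PrincipalArn"}


def _as_list(value):
    """IAM allows a string or a list in most positions; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def lint_trust_policy(policy: dict) -> list:
    """Return findings for overly broad sts:AssumeRole grants in a trust policy.

    An empty list means every Allow statement names a specific principal and
    carries at least one scoping condition.
    """
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue

        principal = stmt.get("Principal")
        if principal == "*":
            principals = ["*"]
        elif isinstance(principal, dict):
            principals = _as_list(principal.get("AWS"))
        else:
            principals = []

        for p in principals:
            if p == "*":
                findings.append("wildcard principal: any AWS account may assume this role")
            elif p.endswith(":root"):
                findings.append(
                    f"account-wide principal {p}: every identity in that account may assume this role"
                )

        condition_keys = {key for operator in stmt.get("Condition", {}).values() for key in operator}
        if not condition_keys & SCOPING_CONDITION_KEYS:
            findings.append("no scoping condition (sts:ExternalId, aws:PrincipalOrgID or aws:PrincipalArn)")
    return findings


if __name__ == "__main__":
    tight = cross_account_trust_policy(SOURCE_ACCOUNT, "deploy-pipeline", EXTERNAL_ID)
    print(json.dumps(tight, indent=2))
    print("tight policy findings:", lint_trust_policy(tight))
    print("loose policy findings:", lint_trust_policy(LOOSE_TRUST_POLICY))
```

The source-account side then runs something like `aws sts assume-role --role-arn arn:aws:iam::222222222222:role/<role-name> --role-session-name deploy --external-id deploy-pipeline-7f3a` and uses the returned temporary credentials; if that role is compromised, revoking one trust relationship in the target account ends the access, which is the blast-radius limit a copied key never gives you.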