by nzoschke 3034 days ago
> However, managing granular permissions for hundreds or thousands of functions is very hard to do.

When building a FaaS app from scratch, granular permissions are manageable. Functions are small, so it’s easy to reason about the capabilities they need and write tight policies.

I don’t see why this doesn’t scale to a larger FaaS app.

I think the real trick is to avoid the bundling of functions and policies the article suggests people do out of convenience.

I’m working on a practical guide to Lambda and IAM policies here:

https://github.com/nzoschke/gofaas/blob/master/docs/per-func...

1 comments

It's entirely doable to manage permissions granularly, but it's not the most natural thing to do. It's FAR easier to broaden permissions.

The more functions you have and the more time they've had to morph, the more likely they are to have far greater permissions than they should.
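
An added example, not part of the thread or of the linked guide: one way to check a Lambda deployment for the two problems discussed above, roles bundled across several functions and statements that have been broadened with wildcards. The function names, role names, account ID and policies are constructed sample data, and the `audit` helper is hypothetical.

```python
from collections import defaultdict

# Constructed sample inventory (assumption, not from the thread):
# function -> execution role, and role -> IAM policy statements.
FUNCTION_ROLES = {
    "user-create": "role-user-create",
    "user-read": "role-shared",
    "report-export": "role-shared",
}
ROLE_POLICIES = {
    "role-user-create": [
        {"Effect": "Allow", "Action": "dynamodb:PutItem",
         "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/users"},
    ],
    "role-shared": [
        {"Effect": "Allow", "Action": ["dynamodb:*", "s3:GetObject"], "Resource": "*"},
    ],
}

def as_list(value):
    # IAM allows Action and Resource to be a single string or a list.
    return value if isinstance(value, list) else [value]

def audit(function_roles, role_policies):
    """Return sorted (function, finding) tuples for bundled roles and broad grants."""
    users = defaultdict(list)
    for fn, role in function_roles.items():
        users[role].append(fn)
    findings = set()
    for fn, role in function_roles.items():
        # A role used by more than one function is a bundled policy.
        if len(users[role]) > 1:
            findings.add((fn, "shared-role"))
        for stmt in role_policies.get(role, []):
            if stmt.get("Effect") != "Allow":
                continue
            # "*" or "service:*" grants more than a single small function needs.
            if any(a == "*" or a.endswith(":*") for a in as_list(stmt.get("Action", []))):
                findings.add((fn, "wildcard-action"))
            if any(r == "*" for r in as_list(stmt.get("Resource", []))):
                findings.add((fn, "wildcard-resource"))
    return sorted(findings)

if __name__ == "__main__":
    for fn, finding in audit(FUNCTION_ROLES, ROLE_POLICIES):
        print(f"{fn}: {finding}")
```

Run on each deploy, a check like this surfaces permission drift as functions change; it does not evaluate `NotAction`, `NotResource` or conditions.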