|
|
|
|
|
|
by donavanm
2152 days ago
|
|
|
> IAM is a concept built on top of lower level primitives that you do not control, but Amazon does. Of course there are lower level primitives. And if the public documentation and observed behavior is insufficient I encourage you to inquire more about the various compliance, certification, and third party auditing programs in place https://aws.amazon.com/compliance/programs/. However at some point this approaches solipsism and I can’t prove a negative in a HN thread. > I'm not talking about Amazon SSH into your EC2 instance - but of course they can do that also - at will, without you authorizing it. No. Extraordinary claims need evidence. Either you have serious non public information counter to many AWS statements ... or you misunderstand some fundamentals of SSH and public key cryptography. > Lower level disks, logs, hypervisor, telemetry, etc.. are accessible beyond your control I would encourage you to read the AWS data privacy statements https://aws.amazon.com/compliance/data-privacy-faq/. Particularly the definitions of “customer content” and the “shared responsibility model.” |
|
|