by kmcquade 2136 days ago
You are so right on the SELinux comparison. Of course, in this case, there are way more developers that are required to write them.

Reiterating what was mentioned in the thread - the best way to avoid this wildcard situation and make it easier for developers is to use Policy Sentry[0].

Thought I’d mention this for those who read the title and the comments instead of clicking on the tools. This will solve most of your problems with writing IAM policies for machine roles.

[0] https://github.com/salesforce/policy_sentry

1 comments

Is there an SELinux equivalent of Policy Sentry?
I wish.