by zackmorris 1955 days ago
Ya after writing it, I think what's going on is that I do everything declaratively now. So it's great that AWS lets us create the AWS policy files rather than making us manage permissions through code.

But I want to see the infrastructure as a big spreadsheet, turn on a policy, and see the accessible services highlight. Basically I need something like an acceptance/integration test that proves that my permissions work like I think they do.

Without something formal like that, I can't help but feel that IAM is risky to rely on alone. To the point that I would be wary of using it, and even view it as more of a liability than a useful tool. This is really a general conceptual issue with the abstraction of roles/permissions from a computer science perspective. My gut feeling is probably that the general authentication-based logins of the open internet and circles of trust are better mechanisms for securing services. That said, I do really appreciate that we can reference security group ids in new security group rules. Once I started chaining the references like that, and having subnet rules in a central place, things worked more smoothly.

I would never use roles/permissions for new development though is what I'm trying to say (whether for web development or web hosting). I don't think it makes sense to screen access by which network was used, or the source IP of the user trying to gain access. These are somewhat antiquated notions that make sense for sysadmins, but I don't think they make sense for the vast majority of use cases that web developers encounter. We could just use the open web's CLIENT_ID=abc, CLIENT_SECRET=xyz pattern for all AWS services. But maybe there's some advantage with roles and permissions that I'm not seeing.

Sorry I come off as Negative Nancy, but this issue really concerns me, and I don't see much talk about it on sites like Stack Overflow.


Zelkova uses automated reasoning to analyze policies and the future consequences of policies. This includes AWS Identity and Access Management (IAM) policies, Amazon Simple Storage Service (S3) policies, and other resource policies. These policies dictate who can (or can’t) do what to which resources. Because Zelkova uses automated reasoning, you no longer need to think about what questions you need to ask about your policies. Using fancy math, as mentioned above, Zelkova will automatically derive the questions and answers you need to be asking about your policies, improving confidence in your security configuration(s).

https://aws.amazon.com/blogs/security/protect-sensitive-data...

Maybe start at Provable Security: https://aws.amazon.com/security/provable-security/

Don't worry, I didn't feel that you were a "negative nancy" :)

> "But I want to see the infrastructure as a big spreadsheet, turn on a policy, and see the accessible services highlight. basically I need something like an acceptance/integration test that proves that my permissions work like I think they do."

This problem can be solved by having your infrastructure etc. as Terraform templates, and writing unit tests for those. Additionally you can use 3rd party solutions, depending on what you mean by "see the accessible services highlight".

> "I don't think it makes sense to screen access by which network was used, or the source IP of the user trying to gain access."

I would say this is an additional thing you would do, but not the only one.

> "But maybe there's some advantage with roles and permissions that I'm not seeing."

Let me/us know and maybe either me or someone else can help you. Hopefully my message didn't come across as condescending. PS: I don't work for AWS.
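As an added example (not code from the thread, from AWS, or from any project the thread mentions), here is the kind of offline acceptance test the original comment asks for: a small evaluator that applies the IAM evaluation order (explicit Deny wins, then Allow, otherwise implicit deny) to a constructed identity policy and lays the result out as an action × resource matrix, so a change to a policy can be checked against written-down expectations before it is deployed. It assumes a single identity-based policy with plain Action/Resource statements; NotAction, Condition and resource policies are out of scope, and the real IAM policy simulator or Zelkova remain the authority for what AWS will actually do.

```python
import fnmatch
import json

# Constructed sample policy (not from the thread): read-only on one bucket,
# with an explicit Deny carving out a "secrets/" prefix.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::app-bucket", "arn:aws:s3:::app-bucket/*"]},
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": "arn:aws:s3:::app-bucket/secrets/*"},
    ],
})


def _as_list(value):
    """IAM accepts a single string/object or a list for Statement, Action, Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def _action_matches(pattern, action):
    """Action names are case-insensitive in IAM; '*' and '?' are the only wildcards.
    (fnmatch also honours '[seq]', which real ARNs and action names never contain.)"""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def evaluate(policy_json, action, resource):
    """Decide one (action, resource) cell for a single identity-based policy:
    any matching explicit Deny wins, else a matching Allow allows, else implicit deny."""
    decision = "DENY"
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        action_hit = any(_action_matches(a, action) for a in _as_list(stmt.get("Action", [])))
        resource_hit = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt.get("Resource", [])))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return "DENY"  # explicit deny overrides every Allow in the policy
        decision = "ALLOW"
    return decision


def access_matrix(policy_json, actions, resources):
    """The 'spreadsheet' view: a decision for every action × resource cell."""
    return {(a, r): evaluate(policy_json, a, r) for a in actions for r in resources}


def check_expectations(policy_json, expectations):
    """Acceptance test: expectations maps (action, resource) -> 'ALLOW' | 'DENY'.
    Returns the cells that disagree as (action, resource, actual, expected)."""
    return [(a, r, evaluate(policy_json, a, r), want)
            for (a, r), want in expectations.items()
            if evaluate(policy_json, a, r) != want]
```

Running `check_expectations` against the policy in CI turns the informal "I think this grants read-only except secrets/" into a failing test the moment a later edit widens or narrows access.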