by unethical_ban
1643 days ago
What does "full control in the cloud" mean to you? It sounds like that's an oxymoron in your opinion, but correct me if I'm wrong.

I get the idea, but also realize this is fundamentally incompatible with using the range of services at AWS. Fringe-future tech aside, you need unencrypted data to process it and use it. AWS isn't just S3, it's Lambda, it's hosting and data science and databases.

Having just read the tweet, as weird as it is to give AWS the benefit of the doubt, I agree with others in that thread. If you KMS encrypt your data, then the engineers will likely only have the ability to see encrypted data. My guess is that there are processes and monitoring in place to ensure this is only used as a break-glass.

Have you ever dealt with automation of AWS resources? There are definitely issues where, by putting incorrect permissions on a KMS key or an S3 bucket, not even root can get your data back. This is likely what this is for. Customers would rather have a non-removable AWS break-glass than their own root account.