I do wonder if there could be a gap where the credentials are scoped down, but the service does have broader access because other users have made recent requests if the metric is just did a user request something from S3 (most do).
Or is the scope down to request for X object by Y customer, which is then signed / token attached by IAM, valid for a little bit. That would reduce radius a lot.
Kind of bummed they hyped this one because the Glue one is more interesting to me an a more credible route I thought.
Or is the scope down to request for X object by Y customer, which is then signed / token attached by IAM, valid for a little bit. That would reduce radius a lot.
Kind of bummed they hyped this one because the Glue one is more interesting to me an a more credible route I thought.