by golovast
1318 days ago
It will really depend on your workflows, what services you use, what risks you're trying to manage and what trade-offs you're willing to accept on usability vs security. For some scenarios, resource-based policies can form the foundation of your auth flow. If you look at the flows described in the docs [1], resource evaluation is simpler. You still need to solve the problem of effectively managing all of those resource policies and limitations on where they can be applied [2]. That might be an easier problem to solve than dealing with trying to express everything as an identity policy. You're then less concerned with wider permissions at the IAM level and move the responsibility to the owner of the resource.

[1] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_p...
[2] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_a...