by nickzelei
1106 days ago
I agree. The role that Nucleus asks you to create does not ask for the AdministratorAccess policy. Instead, it calls out the specific product areas that it accesses. We also have a description of each one and why we need it in our docs. https://docs.nucleuscloud.com/home/concepts/permissions-over... However, we can definitely be more detailed and call out specific actions that we need in those areas. That still leaves us with IAM though. I think we can still do better here to further limit IAM, but as of right now we can still do a lot if we have full access to the IAM feature set. It's something we're working on improving, but for now, I always suggest folks turn on auditing in their AWS accounts to keep on top of anything that is happening.