|
|
|
|
|
|
by mauflows
701 days ago
|
|
|
It's funny, because AWS devs are also a bit guilty of slamming admin credentials and calling it a day. I was testing out sagemaker studio. I just did the quick setup wizard and the default managed execution role was insanely permissive. I believe read/write to all of the accounts S3 buckets and broad List* for account resources. There are multiple parts of the documentation that also recommended you use this role. It seemed especially wild for a product with so many ways to access. we have good account hygiene but still |
|
|
I find this is often the case.