by vitramir
135 days ago
Terraform Cloud, ArgoCD, Vercel and Supabase (modern stack for micro apps), Sentry (doesn't have per-project permissions), SendGrid, etc... What does your stack look like beyond Kubernetes and AWS? It’s hard to imagine everything there supports truly fine-grained permissions.
GCP (main), AWS/Azure (b/c customers), Jenkins/Argo
TF/Helm are IaC and run from containers, no HashiCorp services
CloudSQL, why are you sending your db queries to a SaaS?
LGTM for observability
The vendors we do have are WIF'd (i.e. code & secops scanning)
WIF is the key, mature vendors are supporting WIF, and amazingly the hyperscalers are supporting each other's WIFs for cross-cloud, so we can give a GCP SA AWS perms and vice versa
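
What giving a GCP service account AWS permissions looks like on the AWS side, as an added example that is not part of the original comments: a check that an IAM role trust policy federating to an OIDC provider pins the token's `sub` claim with an exact match. The sample policies and the numeric subject are constructed, and the check goes beyond Google to any provider condition key ending in `:sub`.

```python
import json

# Constructed sample trust policies for an AWS IAM role assumed by a GCP
# service account. The numeric subject is a placeholder, not a real ID.
BASE = {"Effect": "Allow",
        "Principal": {"Federated": "accounts.google.com"},
        "Action": "sts:AssumeRoleWithWebIdentity"}
PINNED = {"Version": "2012-10-17", "Statement": [dict(BASE, Condition={
    "StringEquals": {"accounts.google.com:sub": "100000000000000000001"}})]}
UNPINNED = {"Version": "2012-10-17", "Statement": [dict(BASE)]}
WILDCARD = {"Version": "2012-10-17", "Statement": dict(BASE, Condition={
    "StringLike": {"accounts.google.com:sub": "*"}})}

WEB_IDENTITY_ACTIONS = {"sts:assumerolewithwebidentity", "sts:*", "*"}


def _as_list(value):
    """IAM allows a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]


def unpinned_statements(policy):
    """Return Allow statements that let a federated principal assume the role
    without an exact-match (StringEquals) condition on a ':sub' claim key."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if (stmt.get("Effect") != "Allow"
                or not isinstance(principal, dict)
                or "Federated" not in principal
                or not actions & WEB_IDENTITY_ACTIONS):
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if not any(key.lower().endswith(":sub") for key in equals):
            findings.append(stmt)
    return findings


if __name__ == "__main__":
    for name, policy in [("pinned", PINNED), ("unpinned", UNPINNED),
                         ("wildcard", WILDCARD)]:
        print(name, json.dumps(unpinned_statements(policy)))
```

A statement flagged here would let any identity the provider issues a token for assume the role, which is the opposite of the fine-grained permissions the thread is about.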