[icedchai]

I've been working with an organization that apparently won't give its developers reasonable access to dev cloud environments "because of SOC2." At least, that is the excuse they tell me.

Example: "I need access to EC2" isn't enough. I wind up with a role where I can launch instances, but not list them. I have to send several emails, have meetings, follow ups, sending links to AWS docs, etc. to get them to modify a custom IAM role. Then they still can't figure it out, so I am literally telling someone what to copy-and-paste into JSON to fix the issue. I completely understand more control in higher environments, but this crap adds up and costs weeks in lost productivity.

[tptacek]

Oh, absolutely, security and compliance teams have for over a decade been exploiting SOC2 to exert undue control over engineering process.

[icedchai]

Yep! It took a month of back-and-forth to do what should have taken less than a day in an environment with less friction. I'm totally frustrated by the project at this point.