[HN Gopher] AWS IAM Roles, a tale of unnecessary complexity
       ___________________________________________________________________
        
       AWS IAM Roles, a tale of unnecessary complexity
        
       Author : wglb
       Score  : 8 points
       Date   : 2022-11-11 20:34 UTC (2 hours ago)
        
 (HTM) web link (infosec.rodeo)
 (TXT) w3m dump (infosec.rodeo)
        
       | brycelarkin wrote:
       | The CDK has made managing IAM so much easier for applications.
       | It's one of the main reasons we moved from Terraform to CDK.
        
         | theideaofcoffee wrote:
         | We did the opposite because there was so much obfuscation about
         | what exactly CDK was doing behind the curtains with respect to
         | "small" things like IAM. We needed to know exactly which role
         | was created or modified, etc, and we just couldn't get that
         | with the basic interfaces that CDK provided. Writing those
         | roles, users, groups, policies, attachments out explicitly into
         | their own resource statements made things so much more clear,
         | especially with respect to the relationships to other
         | resources, and less risky
        
       ___________________________________________________________________
       (page generated 2022-11-11 23:01 UTC)