Making an attempt to kind out what permissions you want in an AWS coverage
I used to be making an attempt to determine what permissions I wanted in SSM to carry out a specific motion.
The one factor I discover right here that was associated to what I used to be making an attempt to do is “scanProvisionedProducts.” Click on on it and it says it supplies the flexibility to listing provisioned merchandise.
This can be a bit annoying to anybody who has used AWS for any size of time. It’s utterly inconsistent with all the remainder of the AWS CLI calls that provide both “describe” or “listing” for this performance.
Actually, it’s annoying that you just “describe” AWS EC2 cases and also you “listing” different assets like S3 buckets.
I can’t consider somebody didn’t outline a typical and it’s not enforced. That’s one of many first issues we did as a workforce at a corporation the place I helped them transfer a product to the cloud and create APIs. We selected a typical as a workforce for these frequent capabilities. I really thought we have been modeling after AWS however seems was not the case.
Repair: Effectively, now you’ve bought a bunch of individuals utilizing this oddly named operate so it’s exhausting to retroactively return and repair it with out breaking a bunch of issues. However the least you may do is when somebody calls “listing” or “describe” is to inform them within the error message to alter that to the “scan” choice.
The opposite factor AWS might do is to create aliases to create consistencies throughout merchandise and options in order that wherever you run this command:
aws [service] listing[Resource]
you get an inventory of no matter useful resource associated to no matter service. Make it constant. In all places. Then transfer on so as to add, edit, delete, deploy and make these constant as properly.
Teri Radichel — Observe me @teriradichel on Twitter
© 2nd Sight Lab 2022
____________________________________________
About this weblog:
Wish to study extra about Cybersecurity and Cloud Safety? Try: Cybersecurity for Executives within the Age of Cloud on Amazon
Want Cloud Safety Coaching? 2nd Sight Lab Cloud Safety Coaching
Is your cloud safe? Rent 2nd Sight Lab for a penetration check or safety evaluation.
Have a Cybersecurity or Cloud Safety Query? Ask Teri Radichel by scheduling a name with IANS Analysis.
Cybersecurity & Cloud Safety Sources by Teri Radichel: Cybersecurity and Cloud safety lessons, articles, white papers, displays, and podcasts
