Well, for a start, you could have a recorder that actually shows all the relevan... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nprateem on July 10, 2024 \| parent \| context \| favorite \| on: Awsviz.dev simplifying AWS IAM policies Well, for a start, you could have a recorder that actually shows all the relevant permissions for a particular API call so users can work out what they should set permissions on (including interactions with SCPs and anything else that could affect a decision).

rad_gruchalski on July 10, 2024 | [–]

You can easily get the first part of via the sdk https://cloudonaut.io/record-aws-api-calls-to-improve-iam-po....

Aeolun on July 10, 2024 | [–]

You can actually set this up in your account. It’ll record all the permission your roles actually use (over a customizable period of time), so you can remove all others

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact