
AWS Security Documentation, by Category - Terretta
https://docs.aws.amazon.com/security/
======
reilly3000
Grokking all of that is a massive undertaking, but it really NEEDS to be done
by anybody deploying critical systems on AWS. I wish they would go so far as
to require some confirmation that the security docs were reviewed before being
able to deploy to a particular service. At least in cases where PII is
involved, it’s not optional in many jurisdictions to ignore them.

Sure that UX could hurt adoption, but wouldn’t it ultimately boost retention?
Success with a cloud IT org means nothing breaks and nothing leaks. Part of
helping customers succeed is helping them not to fail to the point of
catastrophic business risk. How many billions of private records have been
leaked from S3 or Elasticsearch because of simple, detectable, preventable
misconfiguration?

AWS provides a number of security and compliance services today - for a price.
They would do well to suggest sane defaults like they do with a default VPC.

~~~
tixocloud
This is where many folks don’t understand enterprise. The tech has gotta work
but it shouldn’t impact the business in a negative way either. This is why out
of the box, no vendors are perfect for us in the banking world because they
just don’t get it yet and hence, kicks off a huge wave of customisations just
to get it up to an enterprise security standard.

~~~
Terretta
We should talk... email in profile.

------
k__
Half-OT: On Twitter I read a few times people stopped using IAM, but never got
an answer when I asked what they were doing instead.

I had the impression IAM was required. Does anyone have more info on this?

~~~
have_faith
You have to use IAM, but if you're feeling particularly rebellious then you
can set up one Admin account and one API account with liberal permissions and
never touch IAM again. For obvious reasons it wouldn't be recommended...

~~~
poxrud
I know that you said "For obvious reasons it wouldn't be recommended..." but
for anyone else reading please do not do this under any circumstances. If any
of your applications get compromised the attacker will have full control of
your entire AWS account.
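
Added example, not written by any commenter in this thread: a small offline audit of IAM policy documents that flags the "API account with liberal permissions" pattern discussed above and shows a scoped policy passing the same check. The two policies, the bucket name `example-uploads` and the function `audit_policy` are constructed for illustration.

```python
import json

# Constructed sample policies (not from the thread).
LIBERAL_API_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}
""")

SCOPED_API_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
   {"Sid": "ReadUploads", "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-uploads",
                 "arn:aws:s3:::example-uploads/*"]}]}
""")

def _as_list(value):
    """IAM accepts a single string/object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (severity, sid, reason) for each over-broad Allow statement."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        all_resources = "*" in _as_list(stmt.get("Resource"))
        # Allow + NotAction grants everything except the listed actions.
        if "NotAction" in stmt and all_resources:
            findings.append(("HIGH", sid, "Allow + NotAction on Resource '*'"))
            continue
        for action in _as_list(stmt.get("Action")):
            if action == "*" and all_resources:
                findings.append(("CRITICAL", sid, "full admin: Action '*' on Resource '*'"))
            elif action.endswith(":*") and all_resources:
                findings.append(("HIGH", sid, f"service-wide wildcard {action} on Resource '*'"))
    return findings

if __name__ == "__main__":
    for name, pol in [("liberal", LIBERAL_API_POLICY), ("scoped", SCOPED_API_POLICY)]:
        print(name, audit_policy(pol) or "no over-broad Allow statements")
```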

