
I think you're referring to the Cognito team. As far as I know, IAM has never had managing user identities outside AWS among its goals.

People rarely think about the true purpose and power of IAM and its equivalent services in other platforms. Its real function is to decouple teams from each other, which is what enables the platform to grow. IAM is the glue that federates services together. What developers see is a powerful, relatively low-level RBAC/PBAC API for that, but through that API you can get a glimpse of just how agnostic IAM is to the information that it's managing - and how central it is to the rest of AWS. (Fun fact - you can actually use IAM to evaluate completely made-up policies/principals/resources, because it's agnostic to what it's evaluating and the PDP API is available to everyone.)

Comparing this to Google or Azure, AWS IAM is architecturally superior - at least in terms of extensibility.



