The Chrome extension asks for permission to "Read and change your data on all auth0.com sites, all aws.amazon.com sites, and all deref.io sites"
That's a LOT of power to give some random extension to my AWS account. I'm not going to do that unless I know EXACTLY what it does, how, and why.
The vaguer you are, the less I trust you.
And that doesn't get into why this extension also needs access to auth0 which is not described in the overview at all.
As for the auth0.com access, that's a bug! It's fixed in the next release. Sorry about that.
EDIT: The extension is also open source, if that's helpful at all - https://github.com/deref/deref-browser-extensions
of course, code obfuscation is a thing.
Why do you believe that? https://github.com/deref/deref-browser-extensions
In our customer discovery calls, we've heard so much about how folks dislike the AWS Console. We figured we should do something about that!
This extension is super early days, but we'd love for it to grow. Feedback welcome!
Can you share more about that?
I've talked to _lots_ of folks who have nearly 100% IaC coverage, including folks who only expose read-only console access to the majority of their devs. But I haven't met anyone who has successfully managed to avoid logging in to the console during production incidents to debug things.
One feature we're looking at potentially adding is "Go To Definition", that lets you go from the AWS Console and jump directly to the Terraform code that produced that resource. Would that be useful to you?
And yes, jumping to terraform would indeed be a useful feature to have :)
That's a bingo.
I guess I could load it unpacked but the utility isn't high enough for me to go through the source myself.
I know you guys are well-intentioned and I'm trying to help you here by finding out what the key thing is that would make me comfortable and I'm really coming up with nothing. I just think it's too much power to get not that much utility for me.
Sorry I couldn't come up with anything concrete.
I'm most interested in this:
> too much power to get not that much utility
Is there something that pains you enough that if you had a fix for it, you'd overlook your security concerns?
However, I have used those extensions that merge Google Calendar events together and that was borderline for me. I think if I had a tool that would generate Terraform based on the summary page of an AWS construct I might consider using the extension. It would still be a reach though.
This is definitely something we've considered. Our primary platform over at https://www.deref.io/ (still in closed beta) can export resources to Terraform or Pulumi. Video from a few months ago available here: https://youtu.be/DsZsYs_N4NU – If that's interesting to you, drop us a note at firstname.lastname@example.org and we can talk about your needs.
Enhancement Suite for AWS or
Deref Enhancement Suite for AWS
to avoid confusion?