I didn’t realise #iam in #aws could get so complex. I don’t want to open a can of worms here, but I feel this is something #azure got right - sure IAM in Azure _can_ get complex, but by and large it works exactly as you would expect it to work.

https://infosec.rodeo/posts/thoughts-on-aws-iam/

AWS IAM Roles, a tale of unnecessary complexity

This is going to be a highly opinionated blog post. I think AWS is great and use it daily, but their implementation of IAM is unnecessarily complicated.

@tommeadon I tend to agree, but in my experience that's mostly true because of my experience of "legacy ADDS" from back in the day. Azure IAM is similar to it.

AWS IAM is very different, not necessarily centralised (although it can be) and often confusing to people with different experience.

That said, especially cross-account IAM still makes my brain melt.

@dob yes I suspect you’re right there. Makes me shudder thinking about how deeply ingrained some of those old ADDS concepts are in my brain!