
I have indeed found that it's difficult to silo access to specific resources with AWS IAM.

I use these custom policies a lot, which give write access to a specific S3 Bucket [0], and give sending capabilities for a specific SES Identity [1] respectively:

[0] https://koptional.notion.site/IAM-Policy-for-select-S3-Acces...

[1] https://koptional.notion.site/IAM-Policy-for-email-sending-o...



I ended up writing a whole custom tool for generating credentials and policies for specific S3 buckets:

- https://s3-credentials.readthedocs.io/

- https://simonwillison.net/2021/Nov/3/s3-credentials/

- https://simonwillison.net/2022/Jan/18/weeknotes/


Whoa, this is awesome! Wish I knew about this. It's really polished.



