
> Instead of starting with "no access" then adding atomized access you have to understand this extremely complex "json privilege system". Instead of just programming, this is the only allowed IP, this is the only allowed bucket, this is the only allowed service, ...

What would that look like if it’s not going to be a series of access permissions and filters represented as JSON?

Security is never a simple checkbox and complaints like this about it needing to be simpler need to be backed up with an alternative. I genuinely wonder what alternative there is to the current permissions model.

It’s incredibly expressive and doesn’t take that long to understand. People who cannot master it would likely leave some other side door open anyway.

> ... and my max is 200usd, or something to that effect.

This has been a valid complaint for years. Though to solve it you need to answer what happens to legit resources when your billing cap is reached. Do all your ephemeral servers turn off? Do your EBS volumes all get deleted? Do your S3 objects all disappear?




JSON is great. Their implementation of it, not so much.

Way too complex when only needing to give permission to a single "thing". And much of the naming makes little sense to new users.

DigitalOcean's interface is easier for 90% of people.

But to be honest it's years ago that I worked with AWS, but I remember everything being way more complex than it had to be, and I had to use days understanding their enormous interface and "user system". And as long as this is a problem that pops up again and again, something is very wrong with their system, I would say.

If not creating a simpler interface / user system for regular users, then at least give some huge warnings that, unless you know what you are doing, a key with the wrong JSON means access to all funds on the credit card.



