Hacker News new | past | comments | ask | show | jobs | submit login

Yes, you nailed it with "it shouldn't be routine" and there for sure should be a review process. My primary concern with the audit logs actually isn't security it's lowering the cowboy of the software lifecycle

> combined with some kind of “taint” mode where your access to a server triggers a rebuild after the dust has settled.

Oh, I love that idea: thanks for bringing it to my attention. I'll for sure incorporate that into my process going forward




The first time I heard it was a very simple idea: they had a wrapper for the command which installed SSH keys on an EC2 instance which also set a delete-after tag which CloudCustodian queried.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: