Feeds

back to article Amazon admins get access controls for compute and database

Amazon has brought resource-level permissions to its main compute and database services, allowing businesses to pick and choose individual staffers' level of access to specific servers or databases. The move is aimed at enterprises that need to enforce stringent identity and access management policies. The resource-level …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Good, but...

Why wasn't this in place from the start?

4
0
Gold badge
Happy

Re: Good, but...

"Why wasn't this in place from the start?"

True. But it seems even the NSA does not have this capability.

2
0
Silver badge

Re: Good, but...

》Why wasn't this in place from the start?

Probably because it's new. You could ask why glacier long term storage or cloudfront CDN wasn't there at the start of S3, or whythere wasn't an RDBMS in the early days, same answer.

0
0
Bronze badge
Facepalm

Re: Good, but...

Well, it was in place at the NSA ... nobody can get anything back out ... but you can index and sell the business intelligence which you collected for the NSA. If a buyer is in panic mode, as when consumers are disappearing, then "for the NSA" is as good as "by the NSA" as long as you have deep pockets.

In the US, information disclosed by Government is Public Domain, but information, however private, collected for the Government is your prize for being "cooperative".

D'oh, Amazon, do you honestly think anybody would run business critical processes like that ?

1
0
Anonymous Coward

What about the Amazon admins?

And will Amazon offer customers the ability to specify which Amazon admins have access to the customer system? No? Still not very useful then.

0
0
Anonymous Coward

Misleading title

"Amazon Admins" is misleading. This release, according to the documentation, doesn't allow "Amazon admins" any rights at all. This is for us, the end user, to be able to determine who gets access to our servers, and NOT Amazon staff.

To their credit, Amazon engineers and admins make a point of telling you that they cannot, under any circumstances, log into your instances or databases. I've asked them during problems, and got firmly, yet politely told that this was never going to happen due to Security and Privacy rules they have in place.

0
0
This topic is closed for new posts.