Why wasn't this in place from the start?
Amazon has brought resource-level permissions to its main compute and database services, allowing businesses to pick and choose individual staffers' level of access to specific servers or databases. The move is aimed at enterprises that need to enforce stringent identity and access management policies. The resource-level …
Well, it was in place at the NSA ... nobody can get anything back out ... but you can index and sell the business intelligence which you collected for the NSA. If a buyer is in panic mode, as when consumers are disappearing, then "for the NSA" is as good as "by the NSA" as long as you have deep pockets.
In the US, information disclosed by Government is Public Domain, but information, however private, collected for the Government is your prize for being "cooperative".
D'oh, Amazon, do you honestly think anybody would run business-critical processes like that?
"Amazon Admins" is misleading. This release, according to the documentation, doesn't allow "Amazon admins" any rights at all. This is for us, the end user, to be able to determine who gets access to our servers, and NOT Amazon staff.
To their credit, Amazon engineers and admins make a point of telling you that they cannot, under any circumstances, log into your instances or databases. I've asked them during problems, and got firmly, yet politely told that this was never going to happen due to Security and Privacy rules they have in place.