Hacker News

The other bit would be blast radius. What if someone does get access to your single account? How confident are you that your policies were airtight? By using many accounts, you create clear isolation boundaries that require opt-in sharing.



>>> By using many accounts, you create clear isolation boundaries that require opt-in sharing.

In theory yes. In practice, you will achieve the opposite of that.

Developers and ops will have to juggle between 10 keys and accounts to get anything. The keys will end up saved and written all over the systems. It will be impossible to have audit between all the accounts and access.


OP here. I don't think you read the blog post! Our entire engineering org has a grand total of 0 AWS keys!

Per-account isolation is great for security and especially reliability, if you run into constant rate limit issues like we do.



