What’s nice about having 30 years of experience is that I don’t need anyone else’s confirmation when I realize something is poorly designed. If I can build firewalls in OpenBSD or Cisco IOS in text mode, SELinux, etc and IAM is coming off as byzantine, it’s because it is.
Not that I blame Amazon. I think they’re a victim of their own success in this regard and it was a solution that was devised ad hoc reactively as they ran into authorization problems rather than something that was architected top down. When you do that you always end up with a mess, but they may not have had a choice.
Not that I blame Amazon. I think they’re a victim of their own success in this regard and it was a solution that was devised ad hoc reactively as they ran into authorization problems rather than something that was architected top down. When you do that you always end up with a mess, but they may not have had a choice.