Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I wish it is a list of <who, what, which>. Right now you can't even get a comprehensive list of people who can access this S3 object. Add assume roles, conditional access, cross account, per-service object level policy into the mix I don't think it's even actually possible for AWS to implement that.

I found GCP's access control to be much simpler but more limited than AWS. They're adding complexity though with conditional access. In GCP the "who" in most case is an email (Google Account, Google Groups, service account)



You are right : "much simpler but more limited"

And because you can limit yourself, you can effectively simplify your way of consuming IAM

"He who can do more can do less"




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: