Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Sign in
Your Saved List Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

I wanted to like them, but poor security

  • By security-minded
  • on 01/27/2025

The product idea is great and I was looking forward to working with them, but the IAM permissions they require are far too permissive and they wouldn't work with me to come up with a least-privilege permission set. They are violating the AWS Well Architected Framework recommendations. They want you to add the ReadOnlyAccess policy (which is too permissive) and then add explicit Denies to counteract the permissiveness. This is not a good approach as ReadOnlyAccess is managed by AWS and changes occasionally as new products and features are released. If you don't actively monitor this, you will end up inadvertently give nOps too much access to your accounts. nOps should fix this by issuing an IAM policy that has explicit grants for all the permissions it needs rather. This is necessary in order to be taken seriously given how much access nOps needs on an account.


There are no comments to display