I wanted to like them, but poor security
The product idea is great and I was looking forward to working with them, but the IAM permissions they require are far too permissive and they wouldn't work with me to come up with a least-privilege permission set. They are violating the AWS Well-Architected Framework recommendations. They want you to add the ReadOnlyAccess policy (which is too permissive) and then add explicit Denies to counteract the permissiveness. This is not a good approach as ReadOnlyAccess is managed by AWS and changes occasionally as new products and features are released. If you don't actively monitor this, you will end up inadvertently giving nOps too much access to your accounts. nOps should fix this by issuing an IAM policy that has explicit grants for all the permissions it needs rather. This is necessary in order to be taken seriously given how much access nOps needs on an account.
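The drift the review describes can be checked mechanically. The following is an added example, not part of the review and not nOps or AWS code: it compares the effective access of a broad allow policy plus a fixed deny list before and after the broad policy gains a new wildcard. All policy contents are constructed stand-ins (not the real ReadOnlyAccess document), `newservice` is a made-up service name, and Resource and Condition elements are ignored.

```python
from fnmatch import fnmatchcase

def _listify(value):
    return list(value) if isinstance(value, (list, tuple)) else [value]

def effective_actions(policies, catalog):
    """Catalog actions the policies grant; an explicit Deny always wins.
    Simplification (assumption): Resource and Condition are ignored."""
    allow, deny = [], []
    for doc in policies:
        for stmt in _listify(doc["Statement"]):
            target = allow if stmt["Effect"] == "Allow" else deny
            # IAM action names are case-insensitive; "*" and "?" are wildcards.
            target += [p.lower() for p in _listify(stmt["Action"])]

    def hit(action, patterns):
        return any(fnmatchcase(action.lower(), p) for p in patterns)

    return {a for a in catalog if hit(a, allow) and not hit(a, deny)}

def drift(old_managed, new_managed, extra, catalog):
    """Actions gained when only the managed policy changes."""
    before = effective_actions([old_managed] + extra, catalog)
    after = effective_actions([new_managed] + extra, catalog)
    return sorted(after - before)

def policy(effect, actions):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": effect, "Action": actions, "Resource": "*"}]}

# Constructed sample data. "newservice" is hypothetical.
CATALOG = ["s3:GetObject", "s3:ListBucket", "ec2:DescribeInstances",
           "secretsmanager:GetSecretValue", "newservice:GetRecords"]
BROAD_ACTIONS = ["s3:Get*", "s3:List*", "ec2:Describe*", "secretsmanager:Get*"]
BROAD_V1 = policy("Allow", BROAD_ACTIONS)                        # broad policy today
BROAD_V2 = policy("Allow", BROAD_ACTIONS + ["newservice:Get*"])  # after an update
VENDOR_DENY = policy("Deny", ["s3:GetObject", "secretsmanager:GetSecretValue"])
EXPLICIT = policy("Allow", ["s3:ListBucket", "ec2:DescribeInstances"])

if __name__ == "__main__":
    # The deny list was written against V1, so the new wildcard passes through.
    print("broad + deny gains:", drift(BROAD_V1, BROAD_V2, [VENDOR_DENY], CATALOG))
    # An explicit grant list is customer-controlled and does not change.
    print("explicit grants:", sorted(effective_actions([EXPLICIT], CATALOG)))
```
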