
I'm afraid it's something I need to agree with.

So many areas where resource-based conditions just do not work with particular GCP product offerings and you're forced to give out much broader access than you should be giving out. It's half-arsed and prevents you implementing PoLP.

AWS has a steeper learning curve here, but I've never been unable to constrain down e.g. access to an SNS topic in the way I want to.




Feel like AWS is the opposite. It’s often a pain to go as granular as you can go.


In GCP there are many tier-1 services where that is not even possible. It's also definitely gotten way easier to do this using IaC etc.


I second that. AWS is insanely granular.



