2 個答案
- 最新
- 最多得票
- 最多評論
3
I saw this article and provides an alternative:
Another option, I have seen implemented is via DevOps processes. We used Jenkins for all deployment and managed permissions on Jenkins jobs for user community. The Jenkins would then perform deployments for us into AWS.
已回答 1 年前
0
You could do a combination of the following:
- Centralize permissions check under AWS Organizations and SCPs: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html. You can then centrally deny actions and set permission boundaries.
- You could have a Terraform AWS User for the specific environment (e.g. Dev), so that that user is allowed to perform certain "admin-like" actions, while individual AWS users (your own Access/Secret keys) get "restricted".
相關內容
- 已提問 6 個月前