You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One consideration you might like to document is that when using cloud native services to deploy your infrastructure you have an additional security benefit in that the role which has permissions to amend your production infrastructure is only assumable by a cloud service (code build etc) and not assumable by any 'human' role.
Equally applying roles with different permissions to different stages in the deployment pipeline helps to ensure that, for example a deployment meant for a development account cannot actually be performed against a production account.
The text was updated successfully, but these errors were encountered:
One consideration you might like to document is that when using cloud native services to deploy your infrastructure you have an additional security benefit in that the role which has permissions to amend your production infrastructure is only assumable by a cloud service (code build etc) and not assumable by any 'human' role.
Equally applying roles with different permissions to different stages in the deployment pipeline helps to ensure that, for example a deployment meant for a development account cannot actually be performed against a production account.
The text was updated successfully, but these errors were encountered: