I heard that AA is done via ASICs, but resource-level permissions imply that authorization is done at the local level for S3. To me that implies that the system extracts S3 permissions from IAM and sends them downstream to S3, where they get merged with the stuff that S3 manages.
I guess that occurs when permissions are saved in the IAM world. At some point those need to be joined against a principal somewhere, as roles can exist without assignment.
Again, it'd be so interesting to see how this is done IRL.