aws
I found an odd control in AWS Security Hub’s CIS Benchmark 3 findings. It reports “IAM Access Analyzer external access analyzer should be enabled”, even if it is enabled in another account with organization-wide scope. Support’s advice is to disable the control.
Fine. It seems like an edge case, although maybe a common one for orgs with multiple accounts. I’m OK with silencing the false positive since we monitor that other account with its own CIS Benchmark 3 report.
Released The Policy Wonk
Today we released the first public version of “The Policy Wonk”, or just “Wonk”. It’s a nifty tool we’ve been using at Amino for several months to manage our ever-growing set of AWS IAM policies, and it acts as a sort of compiler/optimizer to combine lots of them together.
Although it’s a young project, I’m proud of how it shaped up and I think it’ll be useful for lots of people.