[HN Gopher] AWS IAM having issues yet again
___________________________________________________________________
AWS IAM having issues yet again

Author : ManWith2Plans
Score  : 51 points
Date   : 2020-10-01 21:01 UTC (1 hours ago)

(HTM) web link (status.aws.amazon.com)
(TXT) w3m dump (status.aws.amazon.com)

| hikerclimb wrote:
| Good... hope issues are never resolved...

| jamestimmins wrote:
| Does anyone know of good IAM learning resources? They (along with
| networking) are the biggest barriers I have from using AWS.

| nexuist wrote:
| What are you trying to figure out? I will say IAM seems
| daunting because it's used by every other service; you don't
| have to know what every property or policy is in order to
| effectively secure your resources.

| krisfreedain wrote:
| The training offered on aws.training may be a good place to
| start:
| https://www.aws.training/LearningLibrary?&search=iam&tab=vie...

| viraptor wrote:
| Have you tried reading the AWS docs? As in actually spending
| some time to read the whole content? They have good
| descriptions, many guides, step-by-step instructions for simple
| examples, etc. You can go a long way with just those pages.
|
| If you want something more hand-holding, A Cloud Guru courses
| are pretty good.

| dividuum wrote:
| Maybe a stupid question, but isn't IAM related to almost any API
| access to AWS as it's used for authorization and authentication
| through a combination of identities and policies? Or does this
| outage only affect the meta level being access to IAM itself
| through its own API?

| sofal wrote:
| There are 3 basic ways in which you might see an IAM/Identity
| related issue:
|
| 1. Control plane problems - these will manifest as latency or
| errors when calling the IAM service itself to make
| updates/additions/deletions of users/roles/policies/groups/etc.
| This is the most likely scenario if the dashboard names "IAM"
| specifically as the issue.
|
| 2. Propagation problems - problems with propagation will
| manifest as delays in seeing your control plane (IAM) actions
| reflected in the dataplane. For example, if you remove a user,
| but the user is still able to authenticate to AWS services for
| a lengthy period of time.
|
| 3. Dataplane problems - this will be problems with
| authentication or authorization to any and all AWS services. A
| widespread problem with authentication is less likely, but
| extremely bad, and will probably not be categorized in the
| dashboard as a problem only with IAM, since "IAM" is
| technically the name of the control plane.

| [deleted]

| acdha wrote:
| The last time this happened I saw errors changing IAM entities
| but not using them or getting STS tokens, which made sense if
| it was related to propagating changes.

| ManWith2Plans wrote:
| This is what I experienced this time too. Still impacts
| development significantly if you use a tool like terraform.

| mcqueenjordan wrote:
| [Disclaimer: I'm speaking as an engineer personally, not for
| any company.]
|
| My understanding is that authz/authn flows have not been
| affected. If authz/authn flows (which occur on every API call)
| were affected, I suspect the effect would be _far_ more
| noticeable.
___________________________________________________________________
(page generated 2020-10-01 23:00 UTC)