[HN Gopher] AWS IAM having issues yet again
       ___________________________________________________________________
        
       AWS IAM having issues yet again
        
       Author : ManWith2Plans
       Score  : 51 points
       Date   : 2020-10-01 21:01 UTC (1 hours ago)
        
 (HTM) web link (status.aws.amazon.com)
        
       | hikerclimb wrote:
       | Good... hope issues are never resolved...
        
       | jamestimmins wrote:
       | Does anyone know of good IAM learning resources? They (along with
       | networking) are the biggest barriers I have from using AWS.
        
         | nexuist wrote:
         | What are you trying to figure out? I will say IAM seems
         | daunting because it's used by every other service; you don't
         | have to know what every property or policy is in order to
         | effectively secure your resources.
        
         | krisfreedain wrote:
         | The training offered on aws.training may be a good place to
         | start:
         | https://www.aws.training/LearningLibrary?&search=iam&tab=vie...
        
         | viraptor wrote:
         | Have you tried reading the AWS docs? As in actually spending
         | some time to read the whole content? They have good
         | descriptions, many guides, step-by-step instructions for simple
         | examples, etc. You can go a long way with just those pages.
         | 
         | If you want something more hand-holding, A Cloud Guru courses
         | are pretty good.
        
       | dividuum wrote:
       | Maybe a stupid question, but isn't IAM related to almost any API
       | access to AWS as it's used for authorization and authentication
       | through a combination of identities and policies? Or does this
       | outage only affect the meta level being access to IAM itself
       | through its own API?
        
         | sofal wrote:
         | There are 3 basic ways in which you might see an IAM/Identity
         | related issue:
         | 
         | 1. Control plane problems - these will manifest as latency or
         | errors when calling the IAM service itself to make
         | updates/additions/deletions of users/roles/policies/groups/etc.
         | This is the most likely scenario if the dashboard names "IAM"
         | specifically as the issue.
         | 
         | 2. Propagation problems - problems with propagation will
         | manifest as delays in seeing your control plane (IAM) actions
         | reflected in the dataplane. For example, if you remove a user,
         | but the user is still able to authenticate to AWS services for
         | a lengthy period of time.
         | 
         | 3. Dataplane problems - this will be problems with
         | authentication or authorization to any and all AWS services. A
         | widespread problem with authentication is less likely, but
         | extremely bad, and will probably not be categorized in the
         | dashboard as a problem only with IAM, since "IAM" is
         | technically the name of the control plane.
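
Added example (not part of the thread): the first two failure modes in the comment above, IAM control plane errors and a removed user still making successful calls, can be separated in CloudTrail-shaped records. Field names follow CloudTrail; the records, user names, the `ServiceFailure` value and the five-minute tolerance are constructed assumptions.

```python
from datetime import datetime, timedelta

IAM = "iam.amazonaws.com"

def rec(time, source, name, caller, error=None, target=None):
    """Build a record with CloudTrail field names (values below are constructed)."""
    return {"eventTime": f"2020-10-01T{time}Z", "eventSource": source,
            "eventName": name, "userIdentity": {"userName": caller},
            "errorCode": error, "requestParameters": {"userName": target}}

SAMPLE = [  # constructed sample, not real log data
    rec("20:00:00", IAM, "DeleteUser", "admin", target="build-bot"),
    rec("20:00:30", "s3.amazonaws.com", "GetObject", "build-bot"),
    rec("20:05:00", IAM, "DeleteUser", "admin", target="old-dev"),
    rec("20:06:00", "ec2.amazonaws.com", "DescribeInstances", "old-dev"),
    rec("20:12:00", "s3.amazonaws.com", "GetObject", "build-bot"),
    rec("20:13:00", IAM, "CreateRole", "admin", error="ServiceFailure"),
]

def when(r):
    return datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def triage(records, tolerance=timedelta(minutes=5)):
    """Return (IAM control plane errors, {user: post-deletion lag over tolerance})."""
    records = sorted(records, key=when)
    control_plane_errors = [r for r in records
                            if r["eventSource"] == IAM and r.get("errorCode")]
    deleted, lag = {}, {}  # user -> deletion time; user -> longest lag seen
    for r in records:
        if r.get("errorCode"):
            continue  # failed calls prove nothing about stale credentials
        target = (r.get("requestParameters") or {}).get("userName")
        if r["eventSource"] == IAM and r["eventName"] == "DeleteUser":
            deleted[target] = when(r)
        elif r["eventSource"] == IAM and r["eventName"] == "CreateUser":
            deleted.pop(target, None)  # name reused: later calls are legitimate
        caller = (r.get("userIdentity") or {}).get("userName")
        if caller in deleted:
            lag[caller] = max(lag.get(caller, timedelta(0)), when(r) - deleted[caller])
    return control_plane_errors, {u: d for u, d in lag.items() if d > tolerance}

if __name__ == "__main__":
    errors, stale = triage(SAMPLE)
    print(len(errors), "IAM control plane error(s)")
    for user, delay in stale.items():
        print(f"{user} still authenticated {delay} after DeleteUser")
```

Dataplane authentication failures are left out because rejected requests are not reliably recorded in the same log.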
        
         | acdha wrote:
         | The last time this happened I saw errors changing IAM entities
         | but not using them or getting STS tokens, which made sense if
         | it was related to propagating changes.
        
           | ManWith2Plans wrote:
           | This is what I experienced this time too. Still impacts
           | development significantly if you use a tool like terraform.
        
         | mcqueenjordan wrote:
         | [Disclaimer: I'm speaking as an engineer personally, not for
         | any company.]
         | 
         | My understanding is that authz/authn flows have not been
         | affected. If authz/authn flows (which occur on every API call)
         | were affected, I suspect the effect would be _far_ more
         | noticeable.
        
       ___________________________________________________________________
       (page generated 2020-10-01 23:00 UTC)