Comment by cube2222
3 years ago
Could you expand on how this compares to IAM's built-in Access Analyzer[0]?
[0]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access-anal...
We have found several "problems" that we think can be done better:
1) CloudTrail needs to run for a period of time before suggesting a policy, which means a long time until getting value. What do you do until the suggestion? Run a less secure policy?
2) CloudTrail actually doesn't log all events, so we are using either AWS SDK metrics or a proxy to make sure we get all activity.
3) Integrations with Terraform and Git repositories, in order to make it easy to use day to day.
4) Hopefully in the future we can extend to other cloud vendors :)
To add some more pros: Access Analyzer has limits on the number of policies you can generate at a given time, and it doesn't support all AWS services.