
Comment by Boxxed

2 years ago

Interesting use of GPT; it's cool that it works as well as it does but I'd be nervous about the various insidious ways it can fail.

On another note, are there tools that will scan your AWS/GCP logs and emit configuration to limit permissions to what you're actually using? I could even see GPT doing better here too, or at least it would be easier to test.

We're currently focusing on a full shift-left approach to policy creation. Using AWS/GCP logs to create policies would work very well but it would need a few things to happen:

1. The service needs to be deployed
2. To produce an actual result, the calls that make use of the SDK need to be triggered

This is something that would be better included as an addition to monitor policy usage and adjust.
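A sketch of the log-driven approach discussed in this thread, as an added example that is not from either commenter or from any tool they refer to: it builds an allow-list policy from CloudTrail-style records and shows that an action the service never triggered is absent from the result. The records, role names, account ID and the `derive_policy` / `never_observed` helpers are constructed for illustration, and the mapping from `eventSource` and `eventName` to an IAM action is a simplifying assumption.

```python
import json
from collections import defaultdict

# Constructed CloudTrail-style records for illustration; not real log data.
APP = {"arn": "arn:aws:sts::111122223333:assumed-role/app-role/s1"}
ADMIN = {"arn": "arn:aws:sts::111122223333:assumed-role/admin/s9"}
OBJ = [{"ARN": "arn:aws:s3:::example-bucket/reports/a.csv"}]
QUEUE = [{"ARN": "arn:aws:sqs:us-east-1:111122223333:jobs"}]
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": APP, "resources": OBJ},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": APP, "resources": OBJ},
    {"eventSource": "sqs.amazonaws.com", "eventName": "SendMessage",
     "userIdentity": APP, "resources": QUEUE},
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteObject",
     "errorCode": "AccessDenied", "userIdentity": APP, "resources": OBJ},
    {"eventSource": "iam.amazonaws.com", "eventName": "ListUsers",
     "userIdentity": ADMIN, "resources": []},
]

def derive_policy(events, role_name):
    """Build an allow-list policy from calls the role made successfully."""
    marker = f":assumed-role/{role_name}/"
    by_resource = defaultdict(set)
    for ev in events:
        if marker not in ev.get("userIdentity", {}).get("arn", ""):
            continue  # call made by a different principal
        if ev.get("errorCode"):
            continue  # failed calls stay out of the generated allow-list
        # Assumption: IAM action == "<eventSource prefix>:<eventName>".
        # That holds for these samples, not for every AWS API.
        action = f'{ev["eventSource"].split(".")[0]}:{ev["eventName"]}'
        for res in ev.get("resources") or [{"ARN": "*"}]:
            by_resource[res["ARN"]].add(action)
    statements = [{"Effect": "Allow", "Action": sorted(acts), "Resource": arn}
                  for arn, acts in sorted(by_resource.items())]
    return {"Version": "2012-10-17", "Statement": statements}

def never_observed(declared_actions, policy):
    """Actions the code is known to need that no logged call exercised."""
    seen = {a for s in policy["Statement"] for a in s["Action"]}
    return sorted(set(declared_actions) - seen)

if __name__ == "__main__":
    policy = derive_policy(SAMPLE_EVENTS, "app-role")
    print(json.dumps(policy, indent=2))
    print(never_observed(["s3:GetObject", "sqs:DeleteMessage"], policy))
```
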