Andrew Guenther Profile picture
Building the future of hyperspectral intelligence at Orbital Sidekick. Previously at AWS. I build stuff in the cloud and have strong opinions about it.
Mar 29, 2022 5 tweets 2 min read
Had a new hire start today who immediately pinged me to let me know that he was given admin access to his dev #AWS account and he probably shouldn't have that.

Nah man, we just care about good #devex. But how do we do it? 🧵 First off, we use AWS Organizations to manage our multi-account environment. Organizations has a feature called Security Control Policies (SCPs) which can limit max permissions for all accounts in your org. We use it to disable regions and services we don't use.