Reliability @OpenAI. Previously @OrbitalSidekick, @AWS. I build stuff in the cloud and have strong opinions about it.
Mar 29, 2022 • 5 tweets • 2 min read
Had a new hire start today who immediately pinged me to let me know that he was given admin access to his dev #AWS account and he probably shouldn't have that.
Nah man, we just care about good #devex. But how do we do it? 🧵
First off, we use AWS Organizations to manage our multi-account environment. Organizations has a feature called Security Control Policies (SCPs) which can limit max permissions for all accounts in your org. We use it to disable regions and services we don't use.