Architecture

Use application-specific roles

Use application-specific roles wherever possible so that each role can be scoped to least privilege, rather than shared roles that carry a superset of permissions.

Summary

Use application-specific roles wherever possible. This makes it possible to apply least privilege to each role, in contrast to a shared role that needs the superset of all permissions. To make this work, an organization needs automation that creates application roles automatically.
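The following sketch of such automation is an added example, not code from this page or its author. It turns a per-application manifest into one IAM role definition per application and compares each role with the superset a shared role would need. The manifest layout, the `app-` naming prefix, the application names and the ARNs are assumptions constructed for illustration.

```python
import json

# Constructed manifest: app names, principals, actions and ARNs are illustrative.
APPS = {
    "billing-api": {
        "principal": "ecs-tasks.amazonaws.com",
        "grants": [(["s3:GetObject"], ["arn:aws:s3:::example-invoices/*"])],
    },
    "report-worker": {
        "principal": "lambda.amazonaws.com",
        "grants": [
            (["sqs:ReceiveMessage", "sqs:DeleteMessage"],
             ["arn:aws:sqs:us-east-1:111122223333:example-reports"]),
            (["s3:PutObject"], ["arn:aws:s3:::example-reports/*"]),
        ],
    },
}

def statements(grants):
    """Turn (actions, resources) grants into IAM policy statements."""
    out = []
    for actions, resources in grants:
        # Guard: a wildcard grant would defeat the point of a per-application role.
        if any(a == "*" or a.endswith(":*") for a in actions) or "*" in resources:
            raise ValueError(f"wildcard grant rejected: {actions} on {resources}")
        out.append({"Effect": "Allow", "Action": sorted(actions),
                    "Resource": sorted(resources)})
    return out

def build_app_role(name, spec):
    """Role definition for one application: trust policy plus scoped permissions."""
    trust = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": spec["principal"]},
        "Action": "sts:AssumeRole"}]}
    perms = {"Version": "2012-10-17", "Statement": statements(spec["grants"])}
    return {"RoleName": f"app-{name}", "AssumeRolePolicyDocument": trust,
            "PermissionsPolicy": perms}

def shared_role_policy(apps):
    """What a single shared role would need: the union of every app's grants."""
    return {"Version": "2012-10-17", "Statement": [
        s for spec in apps.values() for s in statements(spec["grants"])]}

def allowed_actions(policy):
    return {a for s in policy["Statement"] for a in s["Action"]}

if __name__ == "__main__":
    shared = allowed_actions(shared_role_policy(APPS))
    for name, spec in APPS.items():
        role = build_app_role(name, spec)
        extra = shared - allowed_actions(role["PermissionsPolicy"])
        print(role["RoleName"], "does not carry:", sorted(extra))
        print(json.dumps(role, indent=2))
```

The generated documents would still have to be applied through whatever provisioning pipeline the organization uses; that step is outside this sketch.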

Applicable To

Setting this up requires some investment, so the practice is probably more relevant for larger companies that have the basics addressed.

Resources

IAM

Maturity

High

Functions

Security

CSPS

AWS

Author

Travis McPeak
