Brandon Edmunds

04/21/2023, 5:50 PM
Curious if anyone has thoughts or suggestions for an anti-pattern exception process. Say you have standard that says all S3 buckets should block public access, you have to make an exception for Web buckets. How do you audit that exception, to ensure it is still valid? Another example may be IAM users, you have a standard that says no IAM users should be used, but there are times where you need an IAM user, so you create an exception. How do you audit that exception regularly? UPDATE: Was able to find help in a different workspace, per usual, I was trying to make it over-complicated.