This is the way. I’ve seen this happen countless times. It’s happened to me too. It’s happened to colleagues.
The worst case I’m aware of from first-hand knowledge was a large cluster of resources that got deployed for a product demo by a sales engineer and forgotten about. Turned into a nice ~$100,000 surprise in the quarterly budget.
Netflix built a tool for managing IAM permission requests as an auditable workflow, called ConsoleMe: https://github.com/Netflix/consoleme
One potential solution: https://github.com/cerbos/cerbos. It's a standalone service (deployed alongside your app) which evaluates access decisions at runtime against contextual/arbitrary data on the principal and resources.
In your case, your resource could be a "record" for more global yes/no decisions, or perhaps as a "field" for more granular cases. Things like "can only get last 4 digits of phone number" could be achieved through attribute-based conditions set within the policies.
> I really liked the policy approach of IAM so my plan was to let data owners define policies that are then applied to users, groups, and roles
An advantage of Cerbos is that policies are defined and deployed separately from business logic in (yaml/json) config files, so no changes are required in code when policies need updating.
> At run time our coordinator engine will check levels of access to each query
Can't wrap my head around this particular part - is this checking if an entity can or cannot run a particular query, or specifically based on the "things" the query is returning?
(as a disclaimer I should mention that I work there, although Cerbos itself is Apache 2 licensed and completely free to use)
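To make the record-versus-field distinction from the comment above concrete, here is a small attribute-based access control (ABAC) evaluator. It is an added illustration written for this page, not Cerbos code and not the Cerbos policy format (Cerbos keeps its policies in YAML/JSON files and evaluates them in a separate service). The rule names, principals, records and the phone-masking helper are all constructed for the example: policies are data, explicit deny beats allow, the default is deny, and an allow rule can attach per-field masks so a principal gets a "yes" on the record but only the last four digits of the phone number.

```python
"""Toy ABAC evaluator: record-level decisions plus field-level masking.

Added example, not Cerbos code. Rules are plain data (like a policy file),
evaluated at request time against attributes of the principal and resource.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Optional

Attrs = Dict[str, Any]


@dataclass
class Rule:
    resource: str                       # resource kind, e.g. "record"
    actions: List[str]                  # actions the rule covers
    roles: List[str]                    # principal roles it applies to
    effect: str                         # "allow" or "deny"
    # Optional condition over (principal attrs, resource attrs).
    condition: Optional[Callable[[Attrs, Attrs], bool]] = None
    # Field name -> masking function, applied only when the rule allows.
    field_masks: Dict[str, Callable[[Any], Any]] = field(default_factory=dict)


def mask_phone(value: str) -> str:
    """Keep only the last four digits (the 'last 4 digits' case)."""
    return "***-***-" + value[-4:]


# Constructed policy set (hypothetical roles and attributes).
POLICIES = [
    # Analysts get full access to records owned by their own team.
    Rule("record", ["read", "update"], ["analyst"], "allow",
         condition=lambda p, r: p["team"] == r["owner_team"]),
    # Support staff may read any record but only see a masked phone number.
    Rule("record", ["read"], ["support"], "allow",
         field_masks={"phone": mask_phone}),
    # Restricted records are denied to anyone without high clearance.
    Rule("record", ["read", "update"], ["analyst", "support"], "deny",
         condition=lambda p, r: r["restricted"] and p.get("clearance") != "high"),
]


def evaluate(policies: List[Rule], principal: Dict[str, Any],
             resource: Dict[str, Any], action: str):
    """Return (allowed, field_masks). Deny wins; no matching rule is deny."""
    allowed = False
    masks: Dict[str, Callable[[Any], Any]] = {}
    for rule in policies:
        if rule.resource != resource["kind"] or action not in rule.actions:
            continue
        if not set(rule.roles) & set(principal["roles"]):
            continue
        if rule.condition and not rule.condition(principal["attr"], resource["attr"]):
            continue
        if rule.effect == "deny":
            return False, {}            # explicit deny overrides earlier allows
        allowed = True
        masks.update(rule.field_masks)
    return allowed, masks


def read_record(policies: List[Rule], principal: Dict[str, Any],
                resource: Dict[str, Any]) -> Optional[Dict[str, Any]]:
    """Record-level yes/no, then field-level masking of the returned view."""
    allowed, masks = evaluate(policies, principal, resource, "read")
    if not allowed:
        return None
    return {k: (masks[k](v) if k in masks else v)
            for k, v in resource["attr"].items()}


# Constructed sample data.
RECORD = {"kind": "record", "attr": {"owner_team": "billing", "restricted": False,
                                     "name": "Ada", "phone": "555-123-4567"}}
RESTRICTED = {"kind": "record", "attr": {"owner_team": "billing", "restricted": True,
                                         "name": "Bob", "phone": "555-987-6543"}}
ANALYST = {"roles": ["analyst"], "attr": {"team": "billing"}}
OUTSIDER = {"roles": ["analyst"], "attr": {"team": "marketing"}}
SUPPORT = {"roles": ["support"], "attr": {"team": "support"}}

if __name__ == "__main__":
    print(read_record(POLICIES, ANALYST, RECORD))     # full phone number
    print(read_record(POLICIES, SUPPORT, RECORD))     # phone masked to last 4
    print(read_record(POLICIES, OUTSIDER, RECORD))    # None: wrong team
    print(read_record(POLICIES, SUPPORT, RESTRICTED)) # None: deny rule wins
```

The point of keeping rules as data with a deny-wins, default-deny evaluator is that the application code (`read_record`) never changes when a data owner tightens or relaxes a policy; only the rule list does, which is the property the comment above attributes to deploying policies separately from business logic.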