amazon s3 – S3 IAM error while "put"ing logs from ALB to S3 bucket

    resource "aws_iam_role" "iam_role_replication" {
      name = "tf-iam-role-replication-12345"
      assume_role_policy = <<POLICY
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Principal": {
            "Service": ""
          },
          "Effect": "Allow",
          "Sid": ""
        }
      ]
    }
    POLICY
    }

    resource "aws_iam_policy" "iam_policy_replication" {
      name = "tf-iam-role-policy-replication-12345"
      policy = <<POLICY
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "s3:GetReplicationConfiguration",
            "s3:ListBucket"
          ],
          "Effect": …

The Advanced Risk of Basic Roles In GCP IAM

Most GCP users know that granting basic roles is a really bad practice, but you may be surprised to learn that the risk is much more serious than it might seem because basic roles actually grant far more than what appears on the permissions list (which is already excessive, of course). For the owner role, …