Notes on "How secure is secure enough in AWS?"
After reviewing dozens upon dozens of AWS architectures, I've noticed a pattern: the most secure environments aren't the most restrictive - they're the most thoughtfully designed.
This thought resonates with me. I found that security (and reliability as well) goes downhill when there is pressure to "fix this thing very quickly". That usually means the "fix" is not in line with the general guidelines of the architecture.
Somebody needs permission to investigate an issue in production. Somebody else needs permission to configure something in a client account. Then, in a few months, nobody has any idea who has access to what, which usually leads to a situation where security controls can be circumvented: the breach of a low-privilege account escalates along these cracks. Worse still, it is usually close to impossible to remove the permissions later, because nobody can say which of them some running process depends on and removal can cause an operational problem. I wrote about Why systems tend to get less secure over time.
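To make "nobody has any idea who has access to what" concrete, here is an added example (not from the post) that inventories effective IAM permissions from an account snapshot and flags the cracks the paragraph describes: ad-hoc inline policies and over-broad group policies that let a low-privilege user grant itself more access. The snapshot is constructed by hand in a simplified form of what `aws iam get-account-authorization-details` returns; the list of escalation actions is a small illustrative selection, and Resource and Condition elements are ignored, so treat the output as a starting point for review rather than an authoritative verdict.

```python
"""Inventory effective IAM permissions from a snapshot and flag escalation primitives.

Added example, not code from the post. SNAPSHOT below is constructed by hand in
a simplified version of the shape returned by `aws iam get-account-authorization-details`
(UserDetailList, GroupDetailList, Policies). Resource and Condition are ignored.
"""
import fnmatch
from collections import defaultdict

# Actions that let a principal grant itself more access (illustrative, not exhaustive).
ESCALATION_ACTIONS = {
    "iam:AttachUserPolicy", "iam:PutUserPolicy", "iam:AttachRolePolicy",
    "iam:PutRolePolicy", "iam:CreateAccessKey", "iam:UpdateAssumeRolePolicy",
    "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
}
# iam:PassRole alone is harmless; paired with a service that runs code as the
# passed role it becomes a path to that role's permissions.
PASSROLE_PARTNERS = {"lambda:CreateFunction", "ec2:RunInstances", "glue:CreateJob"}


def allowed_actions(statements):
    """Collect Allow and Deny action patterns from a list of policy statements."""
    allow, deny = set(), set()
    for st in statements:
        actions = st.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        (allow if st.get("Effect") == "Allow" else deny).update(actions)
    return allow, deny


def is_allowed(action, allow, deny):
    """Explicit Deny wins over any Allow; otherwise match Allow patterns such as 'iam:*'."""
    if any(fnmatch.fnmatchcase(action, p) for p in deny):
        return False
    return any(fnmatch.fnmatchcase(action, p) for p in allow)


def effective_permissions(snapshot):
    """Map each user to (allow patterns, deny patterns) from inline, attached and group policies."""
    managed = {p["Arn"]: p["Document"]["Statement"] for p in snapshot["Policies"]}
    groups = {g["GroupName"]: g for g in snapshot["GroupDetailList"]}
    result = {}
    for user in snapshot["UserDetailList"]:
        statements = []
        for pol in user.get("UserPolicyList", []):          # inline "quick fix" policies
            statements += pol["PolicyDocument"]["Statement"]
        for ref in user.get("AttachedManagedPolicies", []):
            statements += managed[ref["PolicyArn"]]
        for gname in user.get("GroupList", []):              # inherited via group membership
            g = groups[gname]
            for pol in g.get("GroupPolicyList", []):
                statements += pol["PolicyDocument"]["Statement"]
            for ref in g.get("AttachedManagedPolicies", []):
                statements += managed[ref["PolicyArn"]]
        result[user["UserName"]] = allowed_actions(statements)
    return result


def who_can(snapshot, action):
    """Answer 'who has access to what' for a single action."""
    perms = effective_permissions(snapshot)
    return sorted(u for u, (a, d) in perms.items() if is_allowed(action, a, d))


def escalation_findings(snapshot):
    """Users who can grant themselves more access than the architecture intended."""
    findings = defaultdict(list)
    for user, (allow, deny) in effective_permissions(snapshot).items():
        findings[user] += [a for a in sorted(ESCALATION_ACTIONS) if is_allowed(a, allow, deny)]
        if is_allowed("iam:PassRole", allow, deny):
            findings[user] += [f"iam:PassRole+{p}" for p in sorted(PASSROLE_PARTNERS)
                               if is_allowed(p, allow, deny)]
    return {u: f for u, f in findings.items() if f}


# Constructed snapshot: alice got an inline "debug prod" policy during an incident,
# bob was added to a client-setup group whose managed policy grants iam:* with one Deny.
SNAPSHOT = {
    "Policies": [
        {"Arn": "arn:aws:iam::123456789012:policy/ReadOnlyLogs", "Document": {"Statement": [
            {"Effect": "Allow", "Action": ["logs:Get*", "logs:Describe*", "logs:FilterLogEvents"]}]}},
        {"Arn": "arn:aws:iam::123456789012:policy/ClientAccountSetup", "Document": {"Statement": [
            {"Effect": "Allow", "Action": "iam:*"},
            {"Effect": "Deny", "Action": "iam:DeleteUser"}]}},
    ],
    "GroupDetailList": [
        {"GroupName": "developers", "AttachedManagedPolicies": [
            {"PolicyArn": "arn:aws:iam::123456789012:policy/ReadOnlyLogs"}]},
        {"GroupName": "client-ops", "AttachedManagedPolicies": [
            {"PolicyArn": "arn:aws:iam::123456789012:policy/ClientAccountSetup"}]},
    ],
    "UserDetailList": [
        {"UserName": "alice", "GroupList": ["developers"], "UserPolicyList": [
            {"PolicyName": "debug-prod-2023", "PolicyDocument": {"Statement": [
                {"Effect": "Allow", "Action": ["lambda:CreateFunction", "iam:PassRole"]}]}}]},
        {"UserName": "bob", "GroupList": ["client-ops"]},
        {"UserName": "carol", "GroupList": ["developers"]},
    ],
}

if __name__ == "__main__":
    print("can read logs:", who_can(SNAPSHOT, "logs:FilterLogEvents"))
    for user, paths in escalation_findings(SNAPSHOT).items():
        print(f"{user}: {', '.join(paths)}")
```

Run against a real snapshot by loading the JSON from `aws iam get-account-authorization-details` and mapping each policy's default version document into the `Document` field used here. The point is the second function: a "fix this quickly" inline policy (alice's `iam:PassRole` plus `lambda:CreateFunction`) and an over-broad group policy (bob's `iam:*`) both show up as explicit escalation paths, which is the information you need before arguing about whether a permission can be removed.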
Of course, emergencies happen. But if they happen on a daily or weekly basis instead of once a year, that indicates an organizational problem where processes work because of "quick fixes" and not because of thoughtful design.