What’s worse, and even more clear to me five years later, is that

Srsajol
3 min read, Nov 12, 2020


We have one engineer working on this and it needs to be added by the end of next week. Do you even know how to implement these custom form controls across browsers? Just go add the new section and make it look like the rest of the page.”
The result can look something like this. If you try this yourself, you might be in for an unpleasant surprise if you aren’t expecting any principals to be highly privileged:


As a motivating example, we wanted to quickly see which principals had root or “root-like” privileges in our environment. An IAM policy like this allows the equivalent of root privileges to all principals it is attached to because it allows any action to be performed on any resource:

It’s great that we have the data, but it’s cumbersome to need to remember all the rules of IAM policy evaluation to answer this question. It would save us a lot of time to be able to simply ask “who has permission to read from my storage buckets?” or “who has permission to run queries on my DynamoDB tables?”
I completely redid the settings pages based on what I thought was good visual design. I’m not saying I’m proud of this visual design today. In fact I’d improve this 100 different ways today, so I’m happy to see my progress. However, this was me trying my best at my first product design gig, in 2015. Oh, and I was the only designer there.
