Inconsistent Naming Conventions for AWS Actions
Trying to sort out what permissions you need in an AWS policy
I was trying to figure out what permissions I needed in SSM to perform a particular action.
The only thing I noticed here that was related to what I was trying to do is “scanProvisionedProducts.” Click on it and it says it provides the ability to list provisioned products.
This is a bit annoying to anyone who has used AWS for any length of time. It is completely inconsistent with all the rest of the AWS CLI calls that offer either “describe” or “list” for this functionality.
In fact, it is annoying that you “describe” AWS EC2 instances and you “list” other resources like S3 buckets.
I can’t believe someone did not define a standard and it is not enforced. That’s one of the first things we did as a team at an organization where I helped them move a product to the cloud and create APIs. We decided on a standard as a team for these common functions. I actually thought we were modeling after AWS, but it turns out that was not the case.
Fix: Well, now you’ve got a bunch of people using this oddly named function, so it’s hard to go back and fix it retroactively without breaking a bunch of things. But the least you could do, when someone calls “list” or “describe,” is tell them in the error message to change that to the “scan” option.
The other thing AWS could do is create aliases that provide consistency across products and features, so that anywhere you run this command:
aws [service] list[Resource]
you get a list of whatever resource related to whatever service. Make it consistent. Everywhere. Then move on to add, edit, delete, deploy and make those consistent as well.
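A sketch of the alias and error-hint idea described above, as an added example that is not AWS's or the author's code: it matches on the resource noun and ignores which read verb the service picked, which is also a quick way to find the exact action to put in a least-privilege policy. The function names and the embedded action list are assumptions made for illustration; "Search" and "Get" are added to the verbs the article names.

```python
import re

# Read-style verbs. The article names list, describe and scan;
# search and get are added here as an assumption.
READ_VERBS = ("List", "Describe", "Scan", "Search", "Get")

# Constructed sample of IAM action names, embedded so this runs offline.
SAMPLE_ACTIONS = [
    "servicecatalog:ScanProvisionedProducts",
    "servicecatalog:SearchProvisionedProducts",
    "servicecatalog:DescribeProvisionedProduct",
    "servicecatalog:ProvisionProduct",
    "servicecatalog:TerminateProvisionedProduct",
    "servicecatalog:ListPortfolios",
    "ec2:DescribeInstances",
    "ec2:TerminateInstances",
]

def split_action(action):
    """Split 'service:VerbNoun' into (service, verb, noun)."""
    service, name = action.split(":", 1)
    words = re.findall(r"[A-Z][a-z0-9]*", name)
    return service, words[0], "".join(words[1:])

def singular(noun):
    """Crude plural stripping so 'Instances' matches 'Instance'."""
    return noun[:-1] if noun.endswith("s") else noun

def resolve_list(service, resource, actions=SAMPLE_ACTIONS):
    """Return the read-style actions for a resource, whatever verb is used."""
    want = singular(resource).lower()
    hits = []
    for action in actions:
        svc, verb, noun = split_action(action)
        if svc == service and verb in READ_VERBS and singular(noun).lower() == want:
            hits.append(action)
    return hits

def suggest(service, attempted, actions=SAMPLE_ACTIONS):
    """Build the hint for a guessed 'list'/'describe' name that is not defined."""
    full = f"{service}:{attempted}"
    _, _, noun = split_action(full)
    found = resolve_list(service, noun, actions)
    if full in actions or not found:
        return None  # the guess was right, or there is nothing to suggest
    return f"{attempted} not found; did you mean {', '.join(found)}?"
```

Only actions whose verb is in READ_VERBS are returned, so a lookup for a read permission never suggests a mutating action such as TerminateProvisionedProduct.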
Teri Radichel
© 2nd Sight Lab 2022