Reputation: 4213
In our company, we are adding the administrator role to all devs. I think this is a big risk, and now I want to restrict the devs' privileges. My goal is that a dev can add any resource, but can't touch the test and production environments.
I was thinking of making a group in IAM and setting the following policy, but maybe there is a better approach.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*-dev-*"
    }
  ]
}
```
Is there a set of best practices to work with several environments (dev, test, prod) on AWS?
Upvotes: 0
Views: 178
Reputation: 46879
Your best bet is to have completely separate AWS accounts, one or more just for production and one or more just for dev/test environments.
For billing purposes you can tie them all together if you want to.
You definitely don't want all of your devs to have administrator access to your prod environment, and a separate account will help limit the possibility of a catastrophic mistake being made.
Upvotes: 1
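As an added illustration (not part of the question or the answer above), this is what the single-account, resource-scoped idea from the question looks like when done with tags instead of a name pattern: a broad Allow, an explicit Deny on anything tagged as test or prod, and a Deny on tagging anything with a non-dev value. The tag key `Environment` and its values are assumptions; the policy is only as good as the tagging discipline behind it, and `aws:ResourceTag` is not evaluated for actions that do not target a taggable resource, which is the gap the separate-account approach in the answer closes.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowEverythingByDefault",
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    },
    {
      "Sid": "DenyActionsOnTestAndProdResources",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Environment": ["test", "prod"]
        }
      }
    },
    {
      "Sid": "DenyTaggingAnythingAsNonDev",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["Environment"]
        },
        "StringNotEquals": {
          "aws:RequestTag/Environment": "dev"
        }
      }
    }
  ]
}
```

Note that the first statement still allows IAM actions, so a dev could attach a different policy to themselves unless IAM is denied separately; that is one more reason the answer's account separation is the safer default.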