> From AWS’s perspective the whole VM is in the same security context.
That's AWS's perspective. But my perspective, as an AWS customer, is important as well. And I might want to run something on a VM that I myself don't necessarily trust - that is the ultimate benefit of an ephemeral, isolated VM.
Right, then you run that code in a VM that has no ambient privs. If you still need to do AWS access stuff then you just stick your access keys in files somewhere your untrusted process can't touch, like if you weren't on AWS.
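A check for the "no ambient privs" VM described in the reply above, as an added example that is not part of the thread: it enumerates the ambient credential sources the AWS SDK credential chain consults (environment variables, the shared credentials file, an instance role via IMDS) from the untrusted process's point of view. The IMDS probe result is passed in rather than performed, so the check runs offline; the `demo` scenarios and the placeholder key id are constructed.

```python
"""Audit what AWS credentials an untrusted process on a VM could reach ambiently."""
import stat
import tempfile
from pathlib import Path

# Environment variables consulted by the AWS SDK credential chain.
AMBIENT_ENV_VARS = (
    "AWS_ACCESS_KEY_ID",
    "AWS_SECRET_ACCESS_KEY",
    "AWS_SESSION_TOKEN",
    "AWS_PROFILE",
    "AWS_SHARED_CREDENTIALS_FILE",
    "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI",
)

def audit_ambient_credentials(env, home, imds_reachable):
    """Return findings for every ambient credential source visible to the process.

    env: the environment as the untrusted process sees it
    home: Path of that process's home directory
    imds_reachable: whether http://169.254.169.254 answers (probed elsewhere)
    """
    findings = [f"env:{name}" for name in AMBIENT_ENV_VARS if env.get(name)]
    cred_file = Path(env.get("AWS_SHARED_CREDENTIALS_FILE") or home / ".aws" / "credentials")
    if cred_file.exists():
        findings.append(f"file:{cred_file}")
        mode = stat.S_IMODE(cred_file.stat().st_mode)
        # Group- or world-readable keys are reachable from any local process, not just the owner.
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append(f"file-mode:{oct(mode)}")
    if imds_reachable:
        # An instance role is ambient privilege for every process on the VM.
        findings.append("imds:169.254.169.254")
    return findings

def demo(leaky):
    """Constructed scenario in a temp home: leaky (keys everywhere) or hardened (nothing)."""
    home = Path(tempfile.mkdtemp())
    if not leaky:
        return audit_ambient_credentials({}, home, imds_reachable=False)
    (home / ".aws").mkdir()
    cred = home / ".aws" / "credentials"
    cred.write_text("[default]\naws_access_key_id = AKIA_PLACEHOLDER_NOT_REAL\n")
    cred.chmod(0o644)  # world-readable on purpose, to trigger the mode finding
    return audit_ambient_credentials({"AWS_ACCESS_KEY_ID": "AKIA_PLACEHOLDER_NOT_REAL"}, home, True)
```

Run `demo(True)` and `demo(False)` to see the leaky VM versus the one the reply describes; the hardened case returns an empty list.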