
Agreed. What type of app requires you to give up your credentials to something as sensitive as your infrastructure's credentials?! No fucking way. Fix this asap.

Edit: Any admin that gives these up should probably not be in the role they are. I'd fire someone over something like this. The OP commented further down that "64%" gave up their credentials. I think their bosses need to know about that or their clients should be warned.

I don't care who this guy is and how much assurance he can offer; there is no reason for this.




Thanks for the feedback. Can I ask what you would suggest as an alternative for people wanting to try the product? Our app is useless without access to the AWS APIs, and although IAM credentials could be created (as people below have), for the app to be fully functional it would require near full access permissions anyway.

We definitely need to give more before users have to enter their credentials, like a tutorial and demo video which are in the works, but as far as actually using the product, I don't see a way around it.

As noted below, this is actually very common. RightScale, Scalr, OpDemand, NewVem, and all other AWS third-party tools require this information.

Not trying to say you are wrong, you're not, it's rightfully a big concern for people, but unless AWS change the way their APIs work, what are we supposed to do?


Can't you give access to the UI, let people build out an infrastructure, and then if they want to actually launch it, ask for IAM credentials then?


That's a good idea, although it would limit the features to just being a diagramming tool, but at least they can take a look. Really good suggestion, will give it some consideration, thanks.


We are implementing this suggestion at the moment, thanks a lot for the fantastic feedback.


Write stubs


It's no different than how RightSignature/Scalr works. And both of those services seem to be doing pretty well.



