
April 2021

IAM Policies: Good, Bad & Ugly

In my last post we looked at the structure of AWS IAM policies and at an example of a policy that was too broad. Let's look at a few more examples to explore how broad permissions can lead to security concerns. By far the most common form of broad permissions occurs when policies are scoped to a service but not to specific actions.

Visualizing your CloudFormation Template with Stackery

Stackery can be used to create a new CloudFormation template or to quickly visualize an existing one. Code is automatically generated as you drag and drop resources on a graphical grid. The experience is much more intuitive than previous-generation tools like AWS CloudFormation Designer. Stackery visualizes resources the way a human would perceive them, grouping related resources together.

Visualizing CloudFormation templates

As your infrastructure grows, getting a handle on all your AWS resources can be overwhelming. While that’s probably an understatement, help could be right around the corner. We’ll cover a few CloudFormation visualizer tools that can help, but let’s level set first. AWS CloudFormation is an established Infrastructure-as-Code solution that allows you to define, provision, organize, manage and update your AWS resources from a text-file template.

Analyze and audit your infrastructure as code with stack.new

Defining and managing your AWS resources using an Infrastructure-as-Code (IaC) approach implemented with CloudFormation templates makes a lot of sense. While implementing IaC is a widely accepted best practice, it does come with challenges. Managing your infrastructure from lines of code and text-file templates, in the case of AWS CloudFormation, can quickly become overwhelming. We built stack.new to ease that pain.