HackerTrans
TopNewTrendsCommentsPastAskShowJobs

DanielSlauth

no profile record

Submissions

Launch HN: Slauth (YC S22) – auto-generate secure IAM policies for AWS and GCP

122 points·by DanielSlauth·3 lata temu·77 comments

Ask HN: IAM Policies and Early-Adaptors

2 points·by DanielSlauth·3 lata temu·0 comments

Launch HN: Slauth.io (YC S22) – IAM Policy Auto-Generation

63 points·by DanielSlauth·4 lata temu·32 comments

comments

DanielSlauth
·2 lata temu·discuss
Looks awesome!
DanielSlauth
·3 lata temu·discuss
>I'd like to challenge you on what seems to be the main claim behind why Slauth is a necessary product: "the amount of money that is being spent on tooling to scan for IAM misconfigurations in the cloud.

The quote you use got me to further research the market and speak to users of those toolings. From speaking to the users it was evident that the amount of misconfigurations being deployed wasn't being reduced.

I imagine users of cloud scanning tools would also use a pro-active tool like Slauth or any other shift-left tool that would aim at preventing as opposed to reacting.
DanielSlauth
·3 lata temu·discuss
Perhaps I should have emphasized better that indeed the LLM's are trustworthy by themselves and require several extra checks. These would be policy simulators, connecting to cloud environments and running checks in Dev/Staging.

Again, I understand the skepticism using LLM's but currently everything is done manually and it shows that doesn't work well. So using LLM's is a quick way to improve the current situation and hopefully we can further compliment it with checks and balances
DanielSlauth
·3 lata temu·discuss
I believe the minute you connect a Dev or staging environment to Slauth.io and we can run simulations and show divs we can offer pretty strong SLA's..
DanielSlauth
·3 lata temu·discuss
The open-source project is a CLI you can put into your CI/CD so i think a pretty neat workflow where there should be less friction considering DevOps/security don't need to ping-pong on permissions.
DanielSlauth
·3 lata temu·discuss
Thanks and let's see what Q will look like. I'm hoping the project will further evolve in integrating it in your CI/CD with PR's when commit requires IAM changes.
DanielSlauth
·3 lata temu·discuss
First of all its pretty awesome your permissions are very tight. You are definitely on the other side of the spectrum compared to the rest. I get it that there is a lot of skepticism because of people hyping LLM's so indeed for now we use it as Copilot and not the driver. Hopefully you can agree though its pretty random that we are still manually creating IAM policies and need to get accustomed with the thousands of different permissions :)
DanielSlauth
·3 lata temu·discuss
Do you think humans are doing a better job? Research shows that 95% of the permissions granted to users aren't used which creates huge problems and is a reason for spending millions in security tools. Why not use Slauth and other checks such as policy simulators to get tightened policies pre-deployed
DanielSlauth
·4 lata temu·discuss
Nice! Will work on the pricing tiers and features. Regardless, would love for you to test it out and we can agree on the above $150/mo for 200 policies :)
DanielSlauth
·4 lata temu·discuss
Thank you for the feedback!! We needed something to start of with but your arguments are very fair so we will have to change it. Would you like to sign up for the Beta and give it a try? Would absolutely love your opinionated feedback :D Also, how much would you pay? Could you give us some insights there.
DanielSlauth
·4 lata temu·discuss
We have found several "problems" that we think can be done better 1) CloudTrail requires to run for a duration of time before suggesting a policy which means long time until getting value. What do you do until the suggestion? Run a less secure policy? 2) CloudTrial actually doesn't log all events so we are using either AWS SDK metrics or a proxy to make sure we get all activity 3) Integrations with Terraform, Git repository in order to make it easy to use in day to day 4) Hopefully in the future we can extend to other cloud vendors :)
DanielSlauth
·4 lata temu·discuss
Thanks! Will have a look. Have you used it? If so, would love to learn what you liked and didn't like
DanielSlauth
·4 lata temu·discuss
Getting slower haha... HN is generating traffic but will have to ask Webflow what's going on lol
DanielSlauth
·4 lata temu·discuss
Thanks!! Looks really good. I hope we can contribute from a different angle by focussing on the creation of the policy and ideally expand beyond AWS :) Thanks for the heads up
DanielSlauth
·4 lata temu·discuss
Yes def! We wanted to quickly validate the need so started with AWS but if we get good traction we will expand to GCP next :) Feel free to share with AWS users so that we can get going :D
DanielSlauth
·4 lata temu·discuss
We eventually want to make this agnostic and have it work for all cloud vendors. Pretty complex to write policies if you are running multi-cloud!