The article completely addresses the problems in #1 and you’ve offered no solutions. It offers a solution for determining what the hell the least privileges are, while you assume prescient knowledge of them without justification. Your #2 is also exactly one of its recommendations.
> The article completely addresses the problems in #1 and you’ve offered no solutions.
You don't define the privileges you need by running around with full privileges. The article is pitching some kind of tool the author developed, but you can do the same at least for AWS, for a long time. And if you don't know what policies you need, you should talk to either the vendor or the application creator, as you will never be able to exercise all the compute paths...
I really love the trend of simply restating what an article argues against without addressing the actual article's points.
I had an exhausting discussion on Reddit about why storing UTC is not always sufficient from commenters who continually proved they hadn't read the article or the rest of the comments.
I'm gonna go with "a hyperbolic, but potentially-necessary corrective to the mass cargo-culting of dev practices only appropriate to global-scale organizations, with a possibly egotistical amount of clickbait self-promotion" on that one.