I worked at two companies recently. Both are decent size. Both have real engineering teams that ship to production every week. They take very different approaches to one specific question: how does an engineer get access to the cloud to do their job?

I am not going to name them. For this post, it is Company A and Company B. The point is the approaches, not the brands.

I also want to make clear that I am not here to say one is right and one is wrong. Both teams I worked with shipped good software. Both teams had engineers who cared. The different access model changes how the work feels, and what kind of mistakes are easy to make. That is the part I want to write about.

The two setups

Company A: team owns the account, GitOps decides who has access

At Company A, each team has their own AWS accounts. Both the production one and the staging one. The accounts are genuinely owned by the team. Production is a bit more careful: nobody has write access by default. If I need to make a change, I have to ask a teammate to escalate me from read-only to...