Security as a developer

As a developer, your primary security focus is to make sure that what you are working on is secure. This mostly boils down to making sure that the code you write and the code you use, such as frameworks and libraries, is free from security vulnerabilities.

But there are a few things we can do to help make the AWS account that runs the system more secure.

Follow an additive permission strategy

An additive permission strategy is when we start with zero permissions for the system and gradually add more as we encounter errors during development. A subtractive strategy, on the other hand, is when we start with all permissions and then remove what is not needed once the features are finished.

In our experience, removing permissions rarely happens, leaving the system with overly broad access. If, instead, we are careful to add only the minimum permissions iteratively as part of development, the resulting system will end up with just what it needs to function.
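The additive loop described above can be sketched in code. This is an added example, not code from the original page: it starts from an empty policy and grants only the action and resource named in each access-denied error. The message format is an assumption modelled on AWS access-denied messages, and the account ID, role, bucket and table names are constructed.

```python
import json
import re

# Access-denied messages name the exact action and resource that was refused.
DENIED = re.compile(
    r"is not authorized to perform: (?P<action>[\w-]+:[\w*]+)"
    r"(?: on resource: (?P<resource>\S+))?"
)

def parse_denial(message):
    """Return (action, resource) from an access-denied message, or None."""
    m = DENIED.search(message)
    if not m:
        return None
    return m.group("action"), (m.group("resource") or "*").strip('"')

def grant(policy, action, resource):
    """Add one action on one resource, reusing that resource's statement."""
    if "*" in action:
        raise ValueError("refusing wildcard action: " + action)
    for stmt in policy["Statement"]:
        if stmt["Resource"] == resource:
            stmt["Action"] = sorted(set(stmt["Action"]) | {action})
            return policy
    policy["Statement"].append({"Effect": "Allow", "Action": [action], "Resource": resource})
    return policy

def build_policy(messages):
    """Start from zero permissions and add only what each error asked for."""
    policy = {"Version": "2012-10-17", "Statement": []}  # working draft
    for msg in messages:
        parsed = parse_denial(msg)
        if parsed:  # errors unrelated to permissions grant nothing
            grant(policy, *parsed)
    return policy

# Constructed sample errors collected during development (all names are made up).
WHO = "User: arn:aws:sts::111122223333:assumed-role/app-role/dev is not authorized to perform: "
TABLE = "arn:aws:dynamodb:eu-west-1:111122223333:table/example-orders"
SAMPLE_ERRORS = [
    WHO + "s3:GetObject on resource: arn:aws:s3:::example-bucket/config.json",
    WHO + "dynamodb:PutItem on resource: " + TABLE,
    "ValidationException: one or more parameter values were invalid",
    WHO + "dynamodb:GetItem on resource: " + TABLE,
    WHO + "s3:GetObject on resource: arn:aws:s3:::example-bucket/config.json",
]

if __name__ == "__main__":
    print(json.dumps(build_policy(SAMPLE_ERRORS), indent=2))
```

Each statement in the resulting policy traces back to an error the system actually hit, which is what keeps the final permission set minimal.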
