Hacker News: slalmeidabbm

New comment by slalmeidabbm in "Launch HN: Slauth (YC S22) – auto-generate secure IAM policies for AWS and GCP"

slalmeidabbm — Mon, 04 Dec 2023 16:24:59 +0000

We're currently focusing on a full shift-left approach to policy creation. Using AWS/GCP logs to create policies would work very well but it would need a few things to happen:

1. The service needs to be deployed 2. To produce an actual result, the calls that make use of the sdk need to be triggered

This is something that would be better included as an addition to monitor policy usage and adjust.

New comment by slalmeidabbm in "Launch HN: Slauth (YC S22) – auto-generate secure IAM policies for AWS and GCP"

slalmeidabbm — Mon, 04 Dec 2023 16:07:10 +0000

That's a very good example of the type of hallucinations that can happen, we still need to develop a way to double check that the generated policies are indeed valid and hopefully find a way to simulate them.

As is stands, Slauth doesn't support resource-based policies.

New comment by slalmeidabbm in "Launch HN: Slauth (YC S22) – auto-generate secure IAM policies for AWS and GCP"

slalmeidabbm — Mon, 04 Dec 2023 14:17:22 +0000

This would be the way to go with the initial offering. Adding static code analysis + LLMs will help with reducing LLM usage and hallucinations and then adding a way to test out the policies to make sure that they are enough to run the code without being too broad will increase trust in the results.