This week's articles
Controlling the Rollout of Large-Scale Monorepo Changes
Uber's blog post discusses the challenge of managing large-scale changes in a monorepo environment where thousands of microservices are automatically deployed. The key issue is minimizing the impact of bad changes that affect multiple services.
Three Ways to Give an AI Agent an Identity
This post compares three AI agent identity models: acting as the user (simple but single-player), service account tokens (common in production but insecure), and SPIFFE-based workload identity (best but costly to implement). Covers governance plumbing like Okta XAA and cloud-provider managed options.
Apps can now impersonate human access to AWS via IAM Identity Center
AWS IAM Identity Center now lets server-side apps exchange an IdP-issued OIDC token for user-scoped AWS credentials via CreateTokenWithIAM, ListAccounts, and GetRoleCredentials. Actions are attributed to the user in CloudTrail. Key gaps: no per-app scope restrictions and no application ARN in audit trails.