SoftTalker 4 days ago
Are you arguing that it’s a good idea for random developers to be able to set up new subdomains on the company domain without any oversight?
mdaniel 4 days ago
Do they work there or not? I deeply appreciate that everyone's threat model is different, but I'd bet anyone that wants to create a new DNS record also has access to credentials that would do a ton more actual damage to the company if they so chose. Alternatively, yup, SOC2 is a thing: optionally create a ticket tracking the why, then open a PR against the IaC repo citing that ticket, have it ack-ed by someone other than the submitter, audit trail complete, change managed, the end.
OkayPhysicist 4 days ago
What's your threat model that says they shouldn't? If you don't trust your senior devs, you're already pwned.