| ▲ | alemwjsl 4 hours ago | |
I take it advertising your account id isn't a security risk? | ||
| ▲ | otterley 32 minutes ago | parent | next [-] | |
AWS does not consider it one. “While account IDs, like any identifying information, should be used and shared carefully, they are not considered secret, sensitive, or confidential information.” https://docs.aws.amazon.com/accounts/latest/reference/manage... | ||
| ▲ | Cthulhu_ 4 hours ago | parent | prev | next [-] | |
Armchair opinion, but shouldn't be too bad - it's identification, not authentication, just like your e-mail address is. But probably best to not advertise it too much. | ||
| ▲ | 2 hours ago | parent | prev | next [-] | |
| [deleted] | ||
| ▲ | aduwah 4 hours ago | parent | prev [-] | |
It is not hygienic, but with only the account-id you are fine. In the IAM rules the attacker can always just use a * on their end, so it does not make a difference. You have to be conscious to set proper rules for your (owner) end tho. | ||