AWS

AWS access follows the same mindset as Fly and GitHub: least privilege, tier-appropriate roles, and no shared production credentials for day-to-day development work.

  • IAM roles and policies scoped to job function and environment
  • Separation between staging, UAT, and production accounts or roles where applicable
  • No long-lived access keys in application repos; prefer OIDC or short-lived credentials
  • Secrets in managed stores (not committed .env files for production)
  • How AWS resources relate to Fly-hosted APIs and shared platform services
  • Audit and change control aligned with SOC 2 expectations

Content coming soon.