This setup grants read-only access to farfalla's HTTP access log (and any other Lambda log group) from a local AWS CLI without storing long-lived production credentials. The path is cross-account sts an IAM user in the publica.la account assumes a scoped read-only role that lives in the production account.

Ways and reasons that allow a user to access a piece of content

Intro

Every uses: entry in every GitHub Actions workflow across the publicala organization must be pinned to a specific version. This policy defines how to pin, what to pin to, and how to handle future deprecations without accumulating backlogs.

This is not a thorough description yet.

Overview