I don't disagree with anything you've said, except that I disagree that it's actually a rational choice based on facts, rather than an apparently rational one based on poor information and training -- again, none of the mitigations I pointed out are really expensive.
Let's take prod DB access: I'm not saying make it super locked down, I'm saying set your DB security group to only be connected to from your API security group, and set an email warning when an instance launches in that group. Doesn't stop your engineers doing it, but it makes it pretty easy to shout across the office "Hey, who is fucking with prod and why?" Takes like 30 seconds to configure on AWS.
There are serious questions about why your CEO can launch that instance though, and that sounds like a massive policy failure. Again, restricting the CEO IAM from launching prod instances takes 30 seconds. (And all your non-engineer accounts should be IAM restricted!)
Ignoring that your probabilities don't work out, I'd argue that the situation is really remove 5 bullets or add 1 chamber, and people pick the chamber purely because it's constructive, not out of genuine cost-benefit analysis.
"If I had 3 hours to chop a tree, I'd sharpen my axe" -- I think startups are too hasty to chop, because that's being productive, right?