The Back-Pass Rule That Changed the Game

It’s good to have goals

With Higuita behind them, the defensive line of Colombia could push higher up the field, pressing the opposition to win the ball back. Then, when in possession, they were a more compact unit, with lots of options for their trademark short passing.

Not even David Beckham, Diego Maradona or Messi can say they changed the game.
But to your surprise, the former Colombian goalkeeper Rene Higuita, changed the game.

At 1992, with Higuita's high-risk 'sweeper-keeper' playing style in mind, it was decided by FIFA that goalkeepers had to play with their feet. You must play the ball back to them and they can’t pick it up.

Pause, rewind, play:

Now days we have video referees and goalline technology, but while this tech have started fresh conversations about the hard laws of the soccer game, the machines themselves have not changed the rules instead they have allowed them to be scrutinised more closely – perhaps too closely, but that’s an argument for another time.

Now you're probably wondering why you're reading a soccer story in a post about cloud security

Just like today's "modern football", these days, the advent of SaaS applications has accelerated the pace of business and introduced a host of new cybersecurity concerns.

Q: So how can goalkeepers in the cloud-native world ensure security?
A: They change the rules!

So while FIFA/Hackers continues to toy with the Laws of the Game, here is a suggested rule change to make this beautiful game of ours even more beautiful/secure:

Imagine you have a group named R.Madrid.
Members of R.Madrid should not be allowed to access any Amazon S3 resources except the Madrid folder in the Spanish League bucket. And certainly not to access anything related to the Barcelona folder.

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:ListBucket"
         ],
         "Resource":[
            "arn:aws:s3:::SpanishLeagueBucket/Madrid"
         ]
      },
      {
         "Effect":"Allow",
         "Action":[
            "s3:PutObject",
            "s3:GetObject",
            "s3:DeleteObject"
         ],
         "Resource":[
            "arn:aws:s3:::SpanishLeagueBucket/Madrid/*"
         ]
      },
      {
         "Effect":"Deny",
         "NotAction":"s3:*",
         "NotResource":[
            "arn:aws:s3:::SpanishLeagueBucket/Madrid",
            "arn:aws:s3:::SpanishLeagueBucket/Madrid/*"
         ]
      }
   ]
}

The above is IAM resource-based policy that can be used in order to limit access to a specific resource by explicitly deny all operations that require other services.

"NotResource is an advanced policy element that explicitly matches every resource except those specified"

Cool Links:

• github-awsdocs IAM JSON policy elements: NotResource.
• awsdocs IAM JSON policy elements reference.
• ermetic.com The Importance of Identity and Access Management (IAM) in Cloud Infrastructure.
• René Higuita From Wikipedia pioneering in influencing goalkeepers to take more responsibility for situations further from the goal.
• Higuita's Incredible Scorpion Kick Goalkeeper René Higuita's Incredible Scorpion Kick.