Hi there, I'm super new to the Boundary project and am having fun playing around with it.
I think Boundary is acting like an IAM-enforced proxy to access our infrastructure. Almost every company out there will have use cases to control and limit access to specific infrastructure for specific teams. For the very same reason, we often get stuck with one given cloud provider, and I believe Boundary is in a perfect position to be the hosted IAM for teams, not limited to any cloud provider.
I don't know how Boundary works internally, but I think the TCP tunnels for SSH-based access can be logged, and especially because Boundary is identity-aware, it can spit out a log history of what a user had been doing inside their SSH session. Not just that: if Boundary is able to do that, it might also be able to tell which user sent which database query, and when, that caused production to go down.
At the last company where I worked, there were a lot of people who had access to a production bastion, and someone or other deleted the entire cluster. I know this was toxic, but there was really no way to detect who did that. The bash history and the SSH login history were also deleted, so logging at such a level is super important.
I think Boundary has the potential to change IAM for all. Happy to contribute to the source code; looking forward to a few comments!