Comment by coredog64
2 years ago
If it was me, I’d still run QC tools on the generated policy just like I would for manually authored policies. Specific to AWS, the IAM Access Analyzer will confirm that you’re using correct grammar. Further, there are techniques like SCP and permission boundaries to downscope what would normally be all actions/resources.
No comments yet
Contribute on Hacker News ↗