http://builtsleek.com/categories/iam/Recent content in IAM on Built SleekHugo -- gohugo.ioenMon, 11 Dec 2023 00:00:00 +0000http://builtsleek.com/posts/ops-aws-iam-boundary-policies/Mon, 11 Dec 2023 00:00:00 +0000http://builtsleek.com/posts/ops-aws-iam-boundary-policies/When responsibility for fine-grained Policy creation is delegated to an Identity such as a Developer, the Identity often expects to utilize iam:createRole to configure permissions for cloud resources. Developer Needs Link to heading Developers frequently need to create Identities like IAM Roles during deployment to oversee permissions for various software resources. Nevertheless, the Operations admin might feel uneasy granting AdministratorAccess. Even when avoiding Admin grants, the needed Action iam:create[Role/User] would enable the developer to create an Identity that grants a seperate Policy, thereby bypassing the developer’s Identity Policy document.