1 Answer
0
It is better to give developer members permissions depending on what operations they perform on AWS.
However, it is difficult to identify the necessary permissions from the beginning, so it is better to use the IAM Access Analyzer.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_generate-policy.html#access_policies_generate-policy-know
The IAM Access Analyzer makes it possible to create IAM policies based on the most recently performed actions.
So, how about giving the developer Administrator privileges for a month or so to operate the system, and then creating a policy in IAM Access Analyzer?
https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-generation.html
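
The idea behind the answer above (turn recently logged activity into a policy), shown as an added example that is not part of the original answer and is not how IAM Access Analyzer itself is implemented. The CloudTrail records, the account ID, the user names and the two name-mapping tables are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

DEV = "arn:aws:iam::111122223333:user/dev-alice"      # constructed principal
SINCE = datetime(2024, 5, 1, tzinfo=timezone.utc)     # start of observation window

def _ev(time, source, name, arn=DEV):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"arn": arn}}

# Constructed sample CloudTrail records (not real log data).
EVENTS = [
    _ev("2024-05-02T09:14:00Z", "s3.amazonaws.com", "GetObject"),
    _ev("2024-05-02T09:15:10Z", "s3.amazonaws.com", "ListObjects"),
    _ev("2024-05-03T11:02:45Z", "ec2.amazonaws.com", "DescribeInstances"),
    _ev("2024-05-04T08:30:00Z", "monitoring.amazonaws.com", "PutMetricData"),
    _ev("2024-03-10T10:00:00Z", "iam.amazonaws.com", "CreateUser"),   # before window
    _ev("2024-05-05T12:00:00Z", "dynamodb.amazonaws.com", "DeleteTable",
        arn="arn:aws:iam::111122223333:user/dev-bob"),                # other user
]

# CloudTrail names do not always equal IAM names. These two entries cover the
# sample only; a complete mapping is assumed to live elsewhere.
SERVICE_PREFIX = {"monitoring": "cloudwatch"}
ACTION_ALIAS = {("s3", "ListObjects"): "ListBucket"}

def observed_actions(events, principal_arn, since):
    """Return the set of IAM actions one principal used inside the window."""
    actions = set()
    for ev in events:
        if ev["userIdentity"].get("arn") != principal_arn:
            continue
        when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        if when.replace(tzinfo=timezone.utc) < since:
            continue
        svc = ev["eventSource"].split(".")[0]
        svc = SERVICE_PREFIX.get(svc, svc)
        name = ACTION_ALIAS.get((svc, ev["eventName"]), ev["eventName"])
        actions.add(f"{svc}:{name}")
    return actions

def draft_policy(actions):
    """Group observed actions by service into one Allow statement each."""
    by_service = defaultdict(list)
    for action in sorted(actions):
        by_service[action.split(":")[0]].append(action)
    # Resource "*" is a placeholder: narrow it to specific ARNs before attaching.
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": acts, "Resource": "*"}
                          for _, acts in sorted(by_service.items())]}

if __name__ == "__main__":
    print(json.dumps(draft_policy(observed_actions(EVENTS, DEV, SINCE)), indent=2))
```

Anything the developer did not do during the observation window is absent from the draft, so the result needs a review for rarely used operations before the broad permissions are removed.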