1 Answer
- Newest
- Most votes
- Most comments
0
It is better to give developer members permissions depending on what operations they perform on AWS.
However, it is difficult to identify the necessary permissions from the beginning, so it is better to use the IAM Access Analyzer.
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_generate-policy.html#access_policies_generate-policy-know
The IAM Access Analyzer makes it possible to create IAM policies based on the most recently performed actions.
So, how about giving the developer Administrator privileges for a month or so to operate the system, and then creating a policy in IAM Access Analyzer?
https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-generation.html
Relevant content
- Accepted Answerasked a month ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago