[zbruhnke]

Not OP but pretty sure they just mean this

`aws s3api create-bucket --bucket somecoolname --region us-west-2 --grant-write iamuser`

[aeternum]

And now a single user has access, such scalability!

[zbruhnke]

Well technically this could also be a group.

I don’t know why all the hate for IAM permissions here.

They are complicated but also extremely powerful if setup correctly.

We manage all of our IAM policies and groups with terraform and it’s incredibly easy to understand imho

[caro_douglos]

Hella hate. Personally I found grappling with what they were initially difficult but then I finally dug in and watched howto propaganda...great job whoever did that at amazon. It’s the one thing I don’t hate about the company. [1]

It’s a ton easier for on boarding and giving contractors temporary access to resources.

*former worker at 3rd party merchant

[1] https://www.aws.training/LearningLibrary