Hella hate. Personally I found grappling with what they were initially difficult but then I finally dug in and watched howto propaganda...great job whoever did that at amazon. It’s the one thing I don’t hate about the company. [1]
It’s a ton easier for on boarding and giving contractors temporary access to resources.
I don’t know why all the hate for IAM permissions here.
They are complicated but also extremely powerful if setup correctly.
We manage all of our IAM policies and groups with terraform and it’s incredibly easy to understand imho