|
|
|
|
|
|
by radedespodovski
2231 days ago
|
|
|
Just realized that the example with CLI in the docs have the right policy with least privileges. Somehow the part with the full access was overlooked. We just updated the documentation. I completely agree with your approach, we also encourage our users to start with the base permissions and then give more when necessary. Even more, to give an access only on resources provisioned by our system. As we automatically tag all resources, using IAM policy conditions this could be easily done. The control is always on the user's side. |
|
|