[StreamBright]

The question is not this but is this feature really needed. Maybe it is for the GCP user base, maybe it isn't for the AWS user base. I personally use AWS for ~9 years and I never needed such feature. I can achieve exactly the same (quite often do exactly that) by provisioning a small free tier instance with an instance profile that uses the same policy as the service or resource (lambda function for example) that I am debugging.

If AWS lacks anything, it is a "why the hell this API call failing exactly" feature. It is horrendous to debug a resource that is using other resources and you do not have any means to get what _exactly_ is missing. Usually you get an error like "s3 throw a 403, bye" message. The closest to a solution is CloudtTrail with giant amount of JSON entries to go through or try to load it to Athena or other database, and because you do not know what exactly you are looking for it is very hard. I usually just ask the support to debug it for me because they have internal tooling that can do that. Most of our support tickets fall into this category.