by unethical_ban 1884 days ago
Also, permissions boundaries are specifically made for the use case of "IAM teams delegating some control to devs".

IAM team creates a "developer admin" role/user that can only create users/roles that have a permissions boundary on them. That way, no matter what policy the dev admin grants, the dev user can only do what the permissions boundary allows.
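An identity policy for the "developer admin" described in the comment above, as an added example that is not part of the original comment. The account ID `111122223333` and the boundary policy name `DevBoundary` are placeholders. The `iam:PermissionsBoundary` condition key limits user/role creation and policy attachment to principals carrying that boundary, and the two Deny statements stop the delegated admin from removing the boundary or editing the boundary policy itself.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CreateOrChangeOnlyWithBoundary",
      "Effect": "Allow",
      "Action": [
        "iam:CreateUser",
        "iam:CreateRole",
        "iam:PutUserPermissionsBoundary",
        "iam:PutRolePermissionsBoundary",
        "iam:AttachUserPolicy",
        "iam:AttachRolePolicy",
        "iam:PutUserPolicy",
        "iam:PutRolePolicy"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:PermissionsBoundary": "arn:aws:iam::111122223333:policy/DevBoundary"
        }
      }
    },
    {
      "Sid": "DenyRemovingBoundary",
      "Effect": "Deny",
      "Action": [
        "iam:DeleteUserPermissionsBoundary",
        "iam:DeleteRolePermissionsBoundary"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DenyEditingBoundaryPolicy",
      "Effect": "Deny",
      "Action": [
        "iam:CreatePolicyVersion",
        "iam:DeletePolicy",
        "iam:DeletePolicyVersion",
        "iam:SetDefaultPolicyVersion"
      ],
      "Resource": "arn:aws:iam::111122223333:policy/DevBoundary"
    }
  ]
}
```

The boundary policy grants nothing by itself; a created principal's effective permissions are the intersection of its attached policies and `DevBoundary`.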