by w1nt3rmut3 1592 days ago
They do, and there is even a button in IAM to do just that. Also exposed as an API to regenerate the policy based on usage.

Would you mind pointing me to a doc about regenerating policies based on usage?

The pain I'm dealing with is having to look at the event logs to determine which CF task failed due to permission, then add that to the CF policy.

> Would you mind pointing me to a doc about regenerating policies based on usage?

First result in Google for “generate IAM policies from usage”:

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_poli...