kevinight
09/17/2021, 4:39 PM
blah
role with write access to an S3 bucket, access to view a webpage, ability to log in to prod servers etc.
but that would definitely put too much burden on IAM engineers who review those requests: 1. each team may want to create a role for each of their use cases (oncall role, normal role, prod role etc.) 2. IAM engineers don't have the context of everything, imagine thousands of resources and each of them is domain-specific.
how do you envision the process for users to create roles while following the least privilege principle, in a scalable way?