AWS IAM permissions: a love-hate relationship! 😫🔐 On one hand, they promise control, but on the other, they're a labyrinth of confusion. Navigating JSON policies, deciphering documentation, and debugging 'Access Denied' errors. Oh, the joys of IAM! 😅

I swear it's hella confusing try to figure out what does what in IAM. I simply want this user to not be able to access a certain dashboard/feature. Why can't I do it easily?

AWS: Because fuck you, that's why.

I really like IAM hehe. Projects like IamLive and cdk permission ”sets” are a good reference/glue that you can use to really “discover” the permissions.

IamLive is for wild folks.

CDK is for planing folks.

What is your taste?

I don’t get it. IAM policies are so easy to use (unless you’re harderning CDK defaults, then it can be a pain in the arse, admittedly). What’s so confusing about them?

Come to think of it, the few times I’ve struggled with convoluted IAM policies, they were a sign that something else was wrong in how the system was designed…

Sounds like you are not using CDK to facilitate Security as Code: makes life a hell of a lot easier