Related questions - what is typical practice for local development environment's access? We use sso for auth to aws in local environment. I'm thinking allowing those sso principals to assume to a role that only has read access to aws resources. That would allow developers to
. Then in CI, setup roles to have full admin permissions. Any general advices?
09/06/2023, 11:27 PM
Try to avoid full admin permissions. If you have the bandwidth, start off with read-only access and add read-write policies as and when they're needed.
Also, prefer OIDC for the CI part of the process. It's great 🙂