This message was deleted.
# aws
s
This message was deleted.
g
This highly depends on the environment. The least privilege principle is always the best, but deployer roles often need much more, so it requires some effort. This is IMO a good article providing at least some options: https://meirg.co.il/2021/04/23/determining-aws-iam-policies-according-to-terraform-and-aws-cli/
s
@most-mouse-38002 One suggestion - put the principal in one account dedicated for this purpose and use Assume Role to deploy to your app environments. Our own @billowy-army-68599 has you covered with this excellent blog post for more info: https://leebriggs.co.uk/blog/2022/09/05/authenticating-to-aws-the-right-way
m
Thank you, this is useful stuff, both of you 👍