Showing posts from 2022

How I Stopped Worrying and Learned to Give Myself Any AWS Permissions I Wanted

I'm happy to have some ideas worth blogging about at last!  Here's a really big one I stumbled across if you're in an organization that wants to keep permissions relatively locked down on AWS (in terms of performing actions on resources), but still wants to enable individual users the ability to interact with their own stacks as needed without waiting on admins. The TL/DR Of It Using AWS CloudFormation, you can deploy a stack consisting of a single resource.  This resource is of type AWS::IAM::ManagedPolicy .  Attach all the policy statements you want, then add Users consisting of any IAM users on the AWS account.  Voila, instant permissions to do whatever. More About the Process Let's say you need to tweak various aspects of your AWS setup.  Maybe you have a DynamoDB entry that needs to be manually tweaked, a Lambda function where the concurrency needs to be adjusted, an SQS queue where the maximum age of a message needs to be adjusted, or files sitting around in an S