Narrowing down IAM permissions

aws

#1

I collected a few thoughts on how to arrange IAM roles and policies in this blog post: