- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
You can create IAM roles and when user groups. User groups will act as parents while the users that you add in the user groups would act like child. User groups will have IAM role associate to it and the same role would be applied to the user present in the user groups
For Example, User X - Belongs to Dev Environment User Y - Belongs to Stage Environment User Z - Belongs to Prod Environment User X can be in a User Group Dev which has IAM role READ ONLY User Y can be in a User Group Stage which has IAM role READ and WRITE ONLY User Z can be in a User Group Prod which has IAM role READ and WRITE ONLY
You can even allow different perimeter role policies for an example, user x present in the group dev environment can read all the resources but not the S3 resources or user y present in the group stage environment can read/write all the resources but cannot write the resources in the S3 bucket.
AWS has very well architected the IAM roles and permissions, would be good to understand if my explanation helps you. Let me know in case you have any other questions.
