Allowing Role and Policies creation for Development team

0

I'm sensing an anti-pattern in my company when it comes to creating roles and policies for a given workflow.

I'm sitting on a development team; we are far from experts in AWS, but we are learning fast. We are building an application and trying to follow all of AWS's security standards as closely as possible. As we develop, we need to create specific roles bearing the proper policies.

There is a security team in my company that owns the IAM side when it comes to creating policies, so the development team doesn't have permissions to create/edit/delete the policies to assign to the roles. The development team is only allowed to create/edit/delete/read roles and to read policies.

The development team faces a lot of frustration with this situation, as it cannot proceed with our developments independently. After questioning the security team about the reasons, it was stated that:

  • In the past people would go wild creating policies, so we had to cut them short, as it was easily becoming a total mess.
  • We needed to protect the AWS account from its users.
  • We needed to protect the team from itself.

I would really appreciate the community's input on this to understand what/how other companies are organizing themselves when it comes to "allowing" the creation of policies.

1 answer
2
Accepted answer

You are absolutely right that this is an antipattern for Cloud and something that should be addressed. It is also not an easy task. A few different paths that could be adopted:

  • prevent use of unused services via SCP (any policies allowing those services will have no effect)
  • use IAM boundaries to restrict what roles developers can create and assign
  • use IaC to create roles
  • define strict governance rules around IAM roles including naming conventions
  • use compliance to detect non-compliant roles and remove them
  • monitor creation of IAM roles via CloudTrail and alert on usage

Another way I have seen, but wouldn't recommend, is to have a custom API available to developers to allow them to request a role. I personally prefer the compliance route, with detective controls in place to identify undesired roles.

Answered 1 year ago
  • I'd add here that your company should engage with your local AWS account team as they can provide guidance.
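The permissions boundary option from the answer's list, as an added example (not from the original post or from AWS): an identity policy the security team could attach to the development team. Developers may create and manage roles and customer managed policies whose names start with `app-`, but only when the security-owned boundary policy `DevBoundary` is attached, and they can never edit that boundary or detach it from a role. The account ID `111122223333` and the names `app-*` and `DevBoundary` are placeholders chosen for this example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CreateAppRolesOnlyWithBoundary",
      "Effect": "Allow",
      "Action": [
        "iam:CreateRole",
        "iam:DeleteRole",
        "iam:PutRolePermissionsBoundary",
        "iam:AttachRolePolicy",
        "iam:DetachRolePolicy",
        "iam:PutRolePolicy",
        "iam:DeleteRolePolicy"
      ],
      "Resource": "arn:aws:iam::111122223333:role/app-*",
      "Condition": {
        "StringEquals": {
          "iam:PermissionsBoundary": "arn:aws:iam::111122223333:policy/DevBoundary"
        }
      }
    },
    {
      "Sid": "ManageAppPoliciesOnly",
      "Effect": "Allow",
      "Action": [
        "iam:CreatePolicy",
        "iam:CreatePolicyVersion",
        "iam:DeletePolicy",
        "iam:DeletePolicyVersion",
        "iam:SetDefaultPolicyVersion"
      ],
      "Resource": "arn:aws:iam::111122223333:policy/app-*"
    },
    {
      "Sid": "ProtectBoundaryPolicy",
      "Effect": "Deny",
      "Action": ["iam:CreatePolicyVersion", "iam:DeletePolicy", "iam:DeletePolicyVersion", "iam:SetDefaultPolicyVersion"],
      "Resource": "arn:aws:iam::111122223333:policy/DevBoundary"
    },
    {
      "Sid": "NeverRemoveBoundaryFromRoles",
      "Effect": "Deny",
      "Action": "iam:DeleteRolePermissionsBoundary",
      "Resource": "arn:aws:iam::111122223333:role/app-*"
    }
  ]
}
```

The effective permissions of any `app-*` role are the intersection of the policies developers attach and `DevBoundary`, so the security team keeps control of the ceiling while developers iterate on their own policies; pairing this with the CloudTrail alerting the answer mentions (for example on `DeleteRolePermissionsBoundary` attempts) covers the detective side.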
