Heya, I’m working with Terraform to create a few different resources. I’m wondering how people follow best practices for ensuring IAM policies are not created without constraints? Say I have an assumable role for my CI/CD process that needs permissions to create roles, but only scoped to that IAM role resource.
I think my answer may lie within permission boundaries, but I would love anyone else’s input!
Permission boundaries are the tool for that, along with conditions that ensure they get set on created resources as well.
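Worked example of the pattern in that reply, added here and not code from either poster: a boundary policy that caps whatever roles the CI/CD role creates, and a management policy that lets the CI/CD role call iam:CreateRole only when that exact boundary is attached and only under a name prefix. The `cicd-` prefix, the services allowed in the boundary and the trusted principal ARN are assumptions for illustration.

```hcl
# Added example (not from the thread). Names, the boundary's allowed
# services and the trusted principal are assumptions for illustration.

data "aws_caller_identity" "current" {}

locals {
  account_id  = data.aws_caller_identity.current.account_id
  role_prefix = "cicd-" # assumed naming convention for roles CI/CD may create
  role_arns   = ["arn:aws:iam::${local.account_id}:role/${local.role_prefix}*"]
}

# 1. The boundary: the ceiling for any role CI/CD creates. A boundary is an
#    allow-list, so anything not listed here (including all of iam:*) is
#    unreachable by those roles no matter what policies get attached.
#    The services below are placeholders for the workload's real needs.
data "aws_iam_policy_document" "boundary" {
  statement {
    sid       = "WorkloadCeiling"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject", "logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "cicd_boundary" {
  name   = "cicd-role-boundary"
  policy = data.aws_iam_policy_document.boundary.json
}

# 2. What the CI/CD role itself may do: create and configure roles, but only
#    when the boundary above is attached (iam:PermissionsBoundary condition
#    key) and only on roles under the prefix.
data "aws_iam_policy_document" "cicd_role_mgmt" {
  statement {
    sid       = "CreateBoundedRolesOnly"
    effect    = "Allow"
    actions   = ["iam:CreateRole", "iam:AttachRolePolicy", "iam:PutRolePolicy"]
    resources = local.role_arns
    condition {
      test     = "StringEquals"
      variable = "iam:PermissionsBoundary"
      values   = [aws_iam_policy.cicd_boundary.arn]
    }
  }

  # Housekeeping on the same roles, still limited to the prefix.
  statement {
    sid    = "ManageOwnRoles"
    effect = "Allow"
    actions = [
      "iam:GetRole", "iam:UpdateRole", "iam:UpdateAssumeRolePolicy", "iam:TagRole",
      "iam:DeleteRole", "iam:DetachRolePolicy", "iam:DeleteRolePolicy",
      "iam:ListRolePolicies", "iam:ListAttachedRolePolicies",
    ]
    resources = local.role_arns
  }

  # 3. Close the escape hatches: CI/CD must not strip the boundary from a
  #    role, nor rewrite the boundary policy itself to widen the ceiling.
  statement {
    sid       = "NoBoundaryRemoval"
    effect    = "Deny"
    actions   = ["iam:DeleteRolePermissionsBoundary"]
    resources = ["*"]
  }
  statement {
    sid    = "NoBoundaryEdit"
    effect = "Deny"
    actions = [
      "iam:CreatePolicyVersion", "iam:DeletePolicyVersion",
      "iam:SetDefaultPolicyVersion", "iam:DeletePolicy",
    ]
    resources = [aws_iam_policy.cicd_boundary.arn]
  }
}

resource "aws_iam_policy" "cicd_role_mgmt" {
  name   = "cicd-role-management"
  policy = data.aws_iam_policy_document.cicd_role_mgmt.json
}

# 4. The assumable CI/CD role. The trusted principal is a placeholder.
data "aws_iam_policy_document" "cicd_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${local.account_id}:role/PLACEHOLDER-ci-runner"]
    }
  }
}

resource "aws_iam_role" "cicd" {
  name               = "cicd-deployer"
  assume_role_policy = data.aws_iam_policy_document.cicd_trust.json
}

resource "aws_iam_role_policy_attachment" "cicd" {
  role       = aws_iam_role.cicd.name
  policy_arn = aws_iam_policy.cicd_role_mgmt.arn
}
```

A quick way to check it does what the thread asks: from the CI/CD role, `aws iam create-role` with `--permissions-boundary` set to the boundary ARN succeeds under the `cicd-` prefix, while the same call without `--permissions-boundary`, with a different boundary ARN, or with a name outside the prefix is denied. The two Deny statements matter as much as the condition; without them the role could attach the boundary at creation and remove it a moment later, or publish a new default version of the boundary policy that allows `iam:*`.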
Yeah, that’s actually exactly what I did. I was overthinking the process.