Adding in a new PR to replace #9238 since I'm unable to modify the existing one.
This PR makes it possible to request temporary policy requests via the self-service wizard, granular by day.
Temporary policy support is configurable with the policies.temp_policy_support configuration key. By default, it's disabled.
Temporary policies are identified in the policy name by the prefix cm_delete-on, followed by
a representation of the date in YYYYmmdd (ie: 20211209).
The cache_iam_resources_for_account (which already caches IAM resources on an account) will remove expired policies if the current date is equivalent or after the date specified in the policy to be expired.
Adding in a new PR to replace #9238 since I'm unable to modify the existing one.
This PR makes it possible to request temporary policy requests via the self-service wizard, granular by day.
policies.temp_policy_supportconfiguration key. By default, it's disabled.cm_delete-on, followed by a representation of the date in YYYYmmdd (ie: 20211209).cache_iam_resources_for_account(which already caches IAM resources on an account) will remove expired policies if the current date is equivalent or after the date specified in the policy to be expired.