Open FireballDWF opened 5 years ago
It's unclear what you're suggesting as an alternative. Yes, fine-grained IAM policies lead to inscrutable access denied errors; what are you suggesting Custodian do about that?
```yaml
type: value
key: "KeyManager"
value: "CUSTOMER"
```
Implicitly filtering AWS-owned resources in an account is really something best left to a policy author; there are typically governance objectives around verifying properties even for things AWS has in an account. Take a managed ENI, for example.
Low priority