navapbc / wic-participant-recertification-portal

https://navapbc.github.io/wic-participant-recertification-portal/
Apache License 2.0

PRP-74 Create IAM roles to limit permissions to AWS users #9

Closed aplybeah closed 1 year ago

aplybeah commented 1 year ago

Ticket

https://wicmtdp.atlassian.net/browse/PRP-74

Changes

Context for reviewers

We need to limit access to comply with best practices of “least privilege” for our engineering staff and for automation tools.

Privileges are managed through one higher-privileged account

wic-prp-eng: This will be the standard IAM role for engineers on the team. This role should give access to appropriate resources such as S3, ECS, ECR, RDS/Aurora, IAM, etc.

IAM privileges for this account are limited to changes to the wic-prp-infra role

wic-prp-infra: This is a dedicated role for infrastructure access. This role will give access to resources such as Route53, Certificate Manager, VPC, etc.

wic-prp-privileged: This role is used to modify privileges for the wic-prp-eng role, and to grant new users access to AWS (creating accounts and assigning those accounts to either wic-prp-eng or wic-prp-infra as appropriate)

Testing

  1. Log in to the AWS console and confirm that you have the proper permissions associated with the wic-mt-eng and the wic-prp-privileged users
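The role split described in the PR, written out as IAM policy documents with an offline check that the boundaries hold. This is an added example, not code from the PR or the repository: the account ID is a placeholder, the exact action lists are one reading of the description (the PR does not publish its policies), and the evaluator is a simplified model of IAM (explicit Deny beats Allow, otherwise implicit deny; no conditions, NotAction, permission boundaries or SCPs). The point it demonstrates is the one the PR relies on: wic-prp-eng may change the wic-prp-infra role but cannot touch its own role or wic-prp-privileged, so an engineer cannot grant themselves more than they were given.

```python
"""Least-privilege check for the wic-prp-eng / wic-prp-infra / wic-prp-privileged split.

Added example, not the project's code. ACCOUNT_ID is a placeholder and the policy
bodies are an interpretation of the PR description.
"""
import fnmatch

ACCOUNT_ID = "123456789012"  # assumed placeholder account
ROLE_ARNS = {
    name: f"arn:aws:iam::{ACCOUNT_ID}:role/{name}"
    for name in ("wic-prp-eng", "wic-prp-infra", "wic-prp-privileged")
}
USER_ARNS = f"arn:aws:iam::{ACCOUNT_ID}:user/*"

# Engineers: application resources, plus IAM only on the wic-prp-infra role.
# The explicit Deny on wic-prp-privileged keeps holding even if a broader
# Allow is attached to this role later by mistake.
ENG_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppResources", "Effect": "Allow",
     "Action": ["s3:*", "ecs:*", "ecr:*", "rds:*"], "Resource": "*"},
    {"Sid": "IamOnlyInfraRole", "Effect": "Allow",
     "Action": "iam:*", "Resource": ROLE_ARNS["wic-prp-infra"]},
    {"Sid": "NeverTouchPrivilegedRole", "Effect": "Deny",
     "Action": "iam:*", "Resource": ROLE_ARNS["wic-prp-privileged"]},
]}

# Infrastructure: DNS, certificates and networking, nothing application-side.
INFRA_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "NetworkAndDns", "Effect": "Allow",
     "Action": ["route53:*", "acm:*", "ec2:*Vpc*", "ec2:*Subnet*",
                "ec2:*SecurityGroup*", "ec2:Describe*"], "Resource": "*"},
]}

# Privileged: edit the wic-prp-eng role, create users, and let users assume
# either wic-prp-eng or wic-prp-infra (modelled as trust-policy updates).
PRIVILEGED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ManageEngRole", "Effect": "Allow",
     "Action": "iam:*", "Resource": ROLE_ARNS["wic-prp-eng"]},
    {"Sid": "OnboardUsers", "Effect": "Allow",
     "Action": ["iam:CreateUser", "iam:DeleteUser", "iam:CreateLoginProfile",
                "iam:CreateAccessKey", "iam:AttachUserPolicy", "iam:PutUserPolicy"],
     "Resource": USER_ARNS},
    {"Sid": "AssignUsersToRoles", "Effect": "Allow",
     "Action": "iam:UpdateAssumeRolePolicy",
     "Resource": [ROLE_ARNS["wic-prp-eng"], ROLE_ARNS["wic-prp-infra"]]},
]}


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def _matches(pattern, value, case_sensitive):
    # IAM action names are case-insensitive; ARNs are case-sensitive.
    if not case_sensitive:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)


def evaluate(policies, action, resource):
    """Simplified IAM decision: explicit Deny wins, else any Allow, else implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            action_hit = any(_matches(p, action, False) for p in _as_list(stmt["Action"]))
            resource_hit = any(_matches(p, resource, True) for p in _as_list(stmt["Resource"]))
            if action_hit and resource_hit:
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


# Expected outcomes that encode the PR's intent; each entry is
# (role policy, action, resource, should_be_allowed).
EXPECTATIONS = [
    (ENG_POLICY, "ecs:UpdateService", f"arn:aws:ecs:us-east-1:{ACCOUNT_ID}:service/prp", True),
    (ENG_POLICY, "iam:UpdateAssumeRolePolicy", ROLE_ARNS["wic-prp-infra"], True),
    (ENG_POLICY, "iam:AttachRolePolicy", ROLE_ARNS["wic-prp-eng"], False),       # no self-escalation
    (ENG_POLICY, "iam:AttachRolePolicy", ROLE_ARNS["wic-prp-privileged"], False),
    (ENG_POLICY, "route53:ChangeResourceRecordSets", "arn:aws:route53:::hostedzone/Z123", False),
    (INFRA_POLICY, "acm:RequestCertificate", "*", True),
    (INFRA_POLICY, "ec2:CreateVpc", "*", True),
    (INFRA_POLICY, "s3:GetObject", "arn:aws:s3:::prp-bucket/key", False),
    (PRIVILEGED_POLICY, "iam:CreateUser", f"arn:aws:iam::{ACCOUNT_ID}:user/new-engineer", True),
    (PRIVILEGED_POLICY, "iam:AttachRolePolicy", ROLE_ARNS["wic-prp-eng"], True),
    (PRIVILEGED_POLICY, "iam:AttachRolePolicy", ROLE_ARNS["wic-prp-infra"], False),  # infra edits belong to eng
]


def verify_expectations():
    """Return the list of (action, resource, expected) entries whose outcome is wrong."""
    return [(action, resource, expected)
            for policy, action, resource, expected in EXPECTATIONS
            if evaluate([policy], action, resource) != expected]


if __name__ == "__main__":
    mismatches = verify_expectations()
    print("all boundaries hold" if not mismatches else f"violations: {mismatches}")
```

The Deny on wic-prp-privileged is the part worth keeping when translating this into Terraform or the console: `evaluate([ENG_POLICY, broad_allow], ...)` still returns False for that ARN, which is the guarantee the "one higher-privileged account" model depends on. For a real account, the same expectations can be replayed against the deployed roles with `iam:SimulatePrincipalPolicy` rather than this offline model.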