This stack is here to help you be more organized with your AWS accounts. Over the years we came up with a nice list of IAM Groups that every AWS account should have. The groups make it clear at a glance which user is responsible for which part of AWS.
Before you use this CloudFormation file, make sure to review it to see if the policy that each group has is something that will work for you.
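One way to do that review, shown as an added example that is not part of the project: the Python sketch below lists every `AWS::IAM::Group` in a template, with its managed policies and any inline `Allow` statement that grants wildcard actions on all resources. It assumes a JSON-format template, and `SAMPLE_TEMPLATE` is a constructed stand-in, not the project's file.

```python
import json

# Constructed sample template for illustration; not the project's CloudFormation file.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "Admins": {"Type": "AWS::IAM::Group", "Properties": {
        "Policies": [{"PolicyName": "admins", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"},
            {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
        ]}}],
    }},
    "Accountants": {"Type": "AWS::IAM::Group", "Properties": {
        "ManagedPolicyArns": ["arn:aws:iam::aws:policy/job-function/Billing"],
    }},
    "Logs": {"Type": "AWS::S3::Bucket"},  # non-group resources are skipped
}})


def as_list(value):
    """IAM policy JSON accepts a single value wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def review_groups(template_text):
    """Map each AWS::IAM::Group to its managed policies and broad Allow statements."""
    report = {}
    for name, res in json.loads(template_text).get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Group":
            continue
        props = res.get("Properties", {})
        findings = []
        for policy in as_list(props.get("Policies")):
            label = policy.get("PolicyName", "?")
            for stmt in as_list(policy.get("PolicyDocument", {}).get("Statement")):
                if stmt.get("Effect") != "Allow":
                    continue
                # Flag "*" and "service:*" actions granted on every resource.
                wild = [a for a in as_list(stmt.get("Action"))
                        if isinstance(a, str) and (a == "*" or a.endswith(":*"))]
                if wild and "*" in as_list(stmt.get("Resource")):
                    findings.append(f"{label}: Allow {', '.join(wild)} on *")
                if "NotAction" in stmt:  # allows everything except the listed actions
                    findings.append(f"{label}: Allow with NotAction")
        report[name] = {"managed": as_list(props.get("ManagedPolicyArns")),
                        "findings": findings}
    return report


if __name__ == "__main__":
    for group, info in review_groups(SAMPLE_TEMPLATE).items():
        print(group, info)
```

A finding is a prompt to read the statement, not a verdict: a broad `Allow` may be narrowed by a `Deny` elsewhere in the same policy, as in the constructed Admins group.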
This stack is available to anyone at no cost, but on an as-is basis. 0x4447, LLC is not responsible for damages or costs of any kind that may occur when you use the stack. You take full responsibility when you use it.
To deploy this stack, all you need to do is click the button to the left and follow the instructions that CloudFormation provides in your AWS Dashboard. Alternatively, you can download the CF file from here.
The stack uses only IAM Groups.
- 5x IAM Groups
- Owners: Owners are like Admins, but just own the company/product.
- Root: Full access to the whole AWS account.
- Admins: All the privileges of Root, minus the ability to manage users. Meaning no access to IAM, etc.
- Accountants: Accountants will have access only to the billing section of AWS.
- Auditors: Read-only access to specific parts of the site.
- Developers: Can only see CodeBuild logs, can check CodePipeline status and trigger builds if needed, and have access to CodeCommit.
- Support: Mostly read-only access to the AWS account to help them debug issues.
IAM Groups don't cost anything.
If you enjoyed this project, please consider giving it a star. And check out our 0x4447 GitHub account, where you'll find additional resources you might find useful or interesting.
This project is brought to you by 0x4447 LLC, a software company specializing in building custom solutions on top of AWS. Follow this link to learn more: https://0x4447.com. Alternatively, send an email to hello@0x4447.email.