I’d love to see some discussion (in the boards and in the course itself) of IAM managed policies others find themselves using over and over again. It’s all too easy to create overly permissive policies, and there aren’t nearly enough resources diving into the art and science of policy selection.
To kick off discussion, I’ll note an observation I had from the policy examples in the KMS Part 1 video. Members of the finance team have been given ReadOnlyAccess in order to view resources in the console. It occurred to me that a more appropriate policy in many such scenarios would be ViewOnlyAccess. ReadOnlyAccess provides broad read access to data resources (S3 objects, DynamoDB items, etc.), whereas ViewOnlyAccess allows the console user to view lists of resources and get at certain metadata without actually granting access to the data.
From the perspective of least privilege access control, I’m a bit wary of ReadOnlyAccess, as I rarely have a user that needs access to application user data when operating in a "read only" role. It’s true that we can and should be using encryption to further control access in many of these scenarios, but I’d always opt for the layered control and exercise more granular permissions on the resources themselves.
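A quick way to make the "metadata vs. data" distinction concrete before attaching a policy is to check, offline, which data-plane actions a policy document actually allows. The script below is an added example for this thread, not code from the post or from AWS: it expands the `*`/`?` wildcards in each statement's `Action`/`NotAction`, honours explicit `Deny` over `Allow` the way IAM evaluation does, and reports which of an assumed (non-exhaustive) list of content-reading actions a policy grants. The three policy documents are constructed illustrations of a ReadOnlyAccess-style policy, a ViewOnlyAccess-style policy, and a layered "guardrail" deny; they are not the verbatim text of the AWS managed policies. Resource and Condition elements are deliberately ignored, so this is a coarse action-level triage, not a replacement for the IAM policy simulator.

```python
"""Coarse static check: which data-plane actions does an IAM policy allow?

Added example for the ReadOnlyAccess vs ViewOnlyAccess discussion. The policy
documents and DATA_PLANE_ACTIONS below are constructed/assumed, not the text
of the real AWS managed policies. Resource/Condition are ignored on purpose.
"""
import fnmatch
import json

# Assumed, non-exhaustive list of actions that return customer data rather
# than resource metadata. Extend it for the services you actually run.
DATA_PLANE_ACTIONS = [
    "s3:GetObject", "s3:GetObjectVersion",
    "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:Scan",
    "secretsmanager:GetSecretValue", "ssm:GetParameter", "ssm:GetParameters",
    "kms:Decrypt", "sqs:ReceiveMessage",
]


def _as_list(value):
    """IAM allows a string or a list in Action/NotAction/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _statement_matches(statement, action):
    """True if the statement's Action (or NotAction) element covers `action`.

    IAM action matching is case-insensitive and supports '*' and '?' wildcards,
    which fnmatch implements directly. NotAction inverts the match.
    """
    act = action.lower()
    if "NotAction" in statement:
        patterns = [p.lower() for p in _as_list(statement["NotAction"])]
        return not any(fnmatch.fnmatchcase(act, p) for p in patterns)
    patterns = [p.lower() for p in _as_list(statement.get("Action"))]
    return any(fnmatch.fnmatchcase(act, p) for p in patterns)


def granted_data_actions(policy, candidates=DATA_PLANE_ACTIONS):
    """Return the sorted subset of `candidates` the policy allows.

    An explicit Deny on an action overrides any Allow, as in IAM evaluation.
    """
    statements = _as_list(policy.get("Statement"))
    granted = set()
    for action in candidates:
        allowed = denied = False
        for st in statements:
            if not _statement_matches(st, action):
                continue
            if st.get("Effect") == "Allow":
                allowed = True
            elif st.get("Effect") == "Deny":
                denied = True
        if allowed and not denied:
            granted.add(action)
    return sorted(granted)


# Constructed, ReadOnlyAccess-style document: broad Get*/List* wildcards.
READ_ONLY_STYLE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "s3:Get*", "s3:List*",
    "dynamodb:Get*", "dynamodb:Query", "dynamodb:Scan",
    "kms:Describe*", "kms:List*"]}]
}""")

# Constructed, ViewOnlyAccess-style document: list/describe calls only.
VIEW_ONLY_STYLE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "s3:ListAllMyBuckets", "s3:GetBucketLocation",
    "dynamodb:ListTables", "dynamodb:DescribeTable",
    "kms:ListKeys", "kms:ListAliases", "kms:DescribeKey"]}]
}""")

# Layered control: the broad policy above plus an explicit Deny guardrail on
# the data-plane calls, which wins regardless of what else is attached.
FINANCE_GUARDRAIL = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
      "s3:Get*", "s3:List*", "dynamodb:Get*", "dynamodb:Query", "dynamodb:Scan",
      "kms:Describe*", "kms:List*"]},
    {"Effect": "Deny", "Resource": "*", "Action": [
      "s3:GetObject*", "dynamodb:GetItem", "dynamodb:BatchGetItem",
      "dynamodb:Query", "dynamodb:Scan", "kms:Decrypt"]}
  ]
}""")


def summarize(policies):
    """Map policy name -> data-plane actions it grants, for a quick comparison."""
    return {name: granted_data_actions(doc) for name, doc in policies.items()}


if __name__ == "__main__":
    report = summarize({"ReadOnly-style": READ_ONLY_STYLE,
                        "ViewOnly-style": VIEW_ONLY_STYLE,
                        "ReadOnly + Deny guardrail": FINANCE_GUARDRAIL})
    for name, actions in report.items():
        print(f"{name}: {actions or 'no data-plane actions'}")
```

Run it as a script to see the ReadOnly-style document light up `s3:GetObject`, `dynamodb:GetItem`, `dynamodb:Query` and `dynamodb:Scan`, while the ViewOnly-style document and the guarded variant grant none of them. Because it only reasons about action names, it will not catch a policy that is data-safe only because of a `Condition` or a narrow `Resource`; treat a non-empty result as "go look closer", not as a verdict.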