1 Answers
So the bullet point it correct. But as you say the access may be added by default, but only if you don’t specify an alternative.
In an environment where CLI and API is used, and where policy documents are provided as an input of course, you won’t get that default.
I think it’s a good point to highlight, as its one of the only places (if not the only place) where you can lock out the root user.
Thoughts?