@saraislet @Quinnypig that’s a great point. A great AWS feature might be some sort of simulator that says, something like

- here’s each login
- here’s what each actually needs, based on what they do
- here’s all similar logins, grouped by what they do
- here’s the a few scenarios of finely scoped permissions that balance number of policies with fine-tuned permissions in different ways
- hit apply