IAM Roles That Fail Loud: Small Defaults, Big Difference

Posted on Tue 12 May 2026 in DevSecOps • Tagged with aws, iam, pulumi, python, security, permissions-boundary, supply-chain

A small Pulumi library that treats IAM safety measures as preconditions instead of preferences. Permissions boundary required by default, wildcard trust policies rejected, wildcard actions refused, every opt-out explicit and grep-able. Plus notes on why the CI pipeline for a security library has to hash-pin its dependencies.
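The preconditions listed above can be sketched as plain checks over IAM policy JSON. This is an added example, not the library's code or API: `validate_role`, `RoleConfigError`, the `allow_*` opt-out flags and the sample policies are hypothetical, and counting `service:*` as a wildcard action is an assumption.

```python
# Added example: stand-alone precondition checks for an IAM role definition.
# All names (validate_role, RoleConfigError, allow_* flags) are hypothetical.

class RoleConfigError(ValueError):
    """Raised when a role definition violates a safety precondition."""

def _as_list(value):
    # IAM policy JSON allows a single item or a list in most positions.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _allow_statements(policy):
    return [s for s in _as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]

def _has_wildcard_principal(stmt):
    principal = stmt.get("Principal")
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def _has_wildcard_action(stmt):
    # Assumption: both "*" and "service:*" count as wildcard actions.
    return any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action")))

def validate_role(trust_policy, permissions_policy, permissions_boundary=None, *,
                  allow_no_boundary=False, allow_wildcard_trust=False,
                  allow_wildcard_actions=False):
    """Raise RoleConfigError on the first violated precondition; return True otherwise."""
    if not permissions_boundary and not allow_no_boundary:
        raise RoleConfigError("permissions boundary is required (opt out: allow_no_boundary=True)")
    if not allow_wildcard_trust and any(map(_has_wildcard_principal, _allow_statements(trust_policy))):
        raise RoleConfigError("trust policy allows a wildcard principal")
    if not allow_wildcard_actions and any(map(_has_wildcard_action, _allow_statements(permissions_policy))):
        raise RoleConfigError("permissions policy allows a wildcard action")
    return True

# Constructed sample input (placeholder account id and ARNs).
BOUNDARY = "arn:aws:iam::123456789012:policy/example-boundary"
TRUST_OK = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
            "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
TRUST_OPEN = {"Version": "2012-10-17", "Statement": {"Effect": "Allow",
              "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}}
PERMS_OK = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
            "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]}
PERMS_WILD = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
              "Action": "s3:*", "Resource": "*"}]}
```

Because each opt-out is a named keyword argument, a search for `allow_` across the infrastructure code lists every role that bypasses a default.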

