As @matthewdfuller said - probably one of the most expensive * wildcards in history.
Many orgs will put a lot of thought into the privileges behind their user roles, but not nearly enough behind their machine roles - so developers slap an AWS managed policy onto their EC2 Instance Profiles so IAM stops breaking shit & call it a day.
- Make policy writing easy
- Detect bad ones
- Implement guardrails
- Auto-remediation of excessive privileges
- Solve problems related to people and processes
Yes, I wrote it so I'm biased. But it's damn good, free and open-source, and doesn't require you to be an IAM expert. Just copy/paste resource ARNs and access levels and call it a fucking day.
It's fine for user roles, but put some guardrails on it like Permissions boundaries and SCPs.
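
To make "Detect bad ones" concrete, here is an added example (not from the original thread, and not the code of the tool the author mentions) that flags `Allow` statements granting wildcard access in an IAM policy document. Both sample policies are constructed, the bucket name is a placeholder, and `find_wildcard_statements` is a hypothetical helper name.

```python
import json

# Constructed sample policies (not from the thread); the bucket name is a placeholder.
BROAD = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "S3Everything", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}""")
SCOPED = json.loads("""{"Version": "2012-10-17", "Statement": {
  "Sid": "ReadOneBucket", "Effect": "Allow",
  "Action": ["s3:GetObject", "s3:ListBucket"],
  "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}}""")


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def find_wildcard_statements(policy):
    """Return one finding per Allow statement that grants wildcard access."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        issues = []
        wild = [a for a in _as_list(stmt.get("Action")) if a == "*" or a.endswith(":*")]
        if wild:
            issues.append("wildcard action: " + ", ".join(wild))
        # Only a bare "*" is flagged; "arn:...:bucket/*" is still scoped to one bucket.
        if "*" in _as_list(stmt.get("Resource")):
            issues.append("resource is *")
        # Allow + NotAction/NotResource grants everything except the listed items.
        for key in ("NotAction", "NotResource"):
            if key in stmt:
                issues.append(key + " used with Allow")
        if issues:
            findings.append({"index": index, "sid": stmt.get("Sid"), "issues": issues})
    return findings


if __name__ == "__main__":
    for name, doc in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, find_wildcard_statements(doc))
```

Some actions do not support resource-level permissions and can only be granted on `*`, so treat findings as candidates for review rather than automatic failures.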