AWS IAM:PassRole explained

A common point of confusion when getting started with AWS IAM, and when trying to implement "least privileges" on IAM is the message "is not authorized to perform: iam:PassRole on resource". Usually this refers to "User" or "CloudFormation" as

Effective Actions for AWS IAM

TL;DR I made Effective IAM Actions, a small tool to expand wildcards "*"in IAM Policy Actions so that you can see explicitly what permissions are granted by a policy. It supports multiple statements in each policy, Allow and Deny

Federated CodeCommit Access

CodeCommit access via federated credentials is the way to go. You're not using long-lived Access Keys are you? Bad engineer! Stop that! For better or worse, federated IAM access requires you to use the HTTPS endpoint with a git credential