AWS IAM Cloud security follow up 1 #1090

@justinegeffen

Description

Is this really any different than using *? Actions are anyhow not applicable to all resource types, so defining individual resource types still with a star permission doesn't seem to change the scope of the actual permissions much.

For example, with the current config I can't use ec2:RunInstances on a Kinesis stream, because the action already carries the scope of what resource type it can be taken against.

On the other hand, I get this might have a placebo effect: if someone reads it through without giving it much thought, it seems more scoped.

Originally posted by @stefanoboriero in #839 (comment)
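
The comparison raised in the comment above, as an added example that is not part of the original issue or the project's configuration: a simplified policy matcher showing that listing every resource type with wildcards grants the same requests as `*`, while naming specific resources narrows them. The action-to-resource-type table, account ID, ARNs and the three policies are constructed, and real IAM evaluation has more rules than this model.

```python
from fnmatch import fnmatchcase

# Constructed subset of the resource types each action can act on (assumption;
# the authoritative mapping is the AWS Service Authorization Reference).
ACTION_RESOURCE_TYPES = {
    "ec2:RunInstances": ["arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:subnet/*"],
    "ec2:TerminateInstances": ["arn:aws:ec2:*:*:instance/*"],
    "kinesis:PutRecord": ["arn:aws:kinesis:*:*:stream/*"],
}
ACCT = "arn:aws:{svc}:eu-west-1:111122223333:{res}"  # constructed account and region

# Constructed requests, including one pairing that no action supports.
REQUESTS = [
    ("ec2:RunInstances", ACCT.format(svc="ec2", res="instance/i-0aaa")),
    ("ec2:RunInstances", ACCT.format(svc="ec2", res="subnet/subnet-0bbb")),
    ("ec2:TerminateInstances", ACCT.format(svc="ec2", res="instance/i-0aaa")),
    ("ec2:TerminateInstances", ACCT.format(svc="ec2", res="instance/i-0ccc")),
    ("ec2:RunInstances", ACCT.format(svc="kinesis", res="stream/orders")),
    ("kinesis:PutRecord", ACCT.format(svc="kinesis", res="stream/orders")),
]
EC2_ACTIONS = ["ec2:RunInstances", "ec2:TerminateInstances"]
STAR = {"Action": EC2_ACTIONS, "Resource": ["*"]}
TYPE_WILDCARDS = {"Action": EC2_ACTIONS,
                  "Resource": ["arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:subnet/*"]}
SCOPED = {"Action": EC2_ACTIONS,
          "Resource": [ACCT.format(svc="ec2", res="instance/i-0aaa"),
                       ACCT.format(svc="ec2", res="subnet/subnet-0bbb")]}

def matches(patterns, value):
    """True if value matches any IAM-style wildcard pattern."""
    return any(fnmatchcase(value, p) for p in patterns)

def allows(policy, action, arn):
    """Allow only if the action supports this resource type AND the policy matches."""
    supported = matches(ACTION_RESOURCE_TYPES.get(action, []), arn)
    return supported and matches(policy["Action"], action) and matches(policy["Resource"], arn)

def effective(policy):
    """Set of constructed requests the policy grants."""
    return {req for req in REQUESTS if allows(policy, *req)}

if __name__ == "__main__":
    for name, pol in [("star", STAR), ("type wildcards", TYPE_WILDCARDS), ("scoped", SCOPED)]:
        print(f"{name}: {len(effective(pol))} of {len(REQUESTS)} requests allowed")
```
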
