Follow @tkoola on Micro.blog.
Annoyingly common pattern in AWS documentation: “create an IAM account to avoid granting…” and then completely omit the Roles/Permissions that account should have to be succesful