aminohealth / wonk Public
You want to give the people in your organization the AWS permissions needed to do their job. Amazon has helpfully created several hundred policies like AmazonRDSReadOnlyAccess and AmazonS3FullAccess that you can assign to users, groups, or roles. This is super convenient... up until it's not.
Perhaps you have one role for backend engineers, and another role for backend engineers who are on call this week and need some additional permissions. You really don't want to maintain two policies that are nearly identical, though.
In this case, you could put all of the standard permissions in one policy, all of the additional on-call permissions in another, then combine them:
Beyond just combining a file or 2 as needed, you want some help managing multiple roles with lots of policies. Say you're setting up policies for both frontend and backend engineers and each of them have special on-call roles that share some extra debugging permissions. Each role uses a combination of some AWS-managed policies with some that you've written yourself.
where the managed directory is full of policy files that you've downloaded from AWS (maybe using the wonk fetch command), the local directory has policies you've written yourself, and combined has the output files that Wonk creates for you.
