Implementing the sudo access pattern for AWS IAM Users

When you create an AWS account from scratch, you also create an omnipotent “root” account. AWS recommends against using it for everyday tasks and encourages you to create an IAM user. By default, IAM users don’t have credentials or access; it’s up to you to configure them. The complexity of AWS IAM authentication and access control can make it tough to design a good usability and security tradeoff for the regular AWS “human” user.

One design patten to consider is sudo. Sudo is a Unix feature that lets users impersonate another user of…