Nice summary! It does feel like a bit much doesn’t it 😅

@@impostersyndromedev At scale you want lots of smaller things, so I don't think it's too bad.

The first role creation page, at 2:11, ""Select trusted entities" part is all about STS. If you create the role with default trusted entities, the "AWS": "{account_id}" will be updated automatically to "AWS": "arn:aws:iam::{account_id}:root". To confirm this, create a role same way, then check back same role's "Trust relationship" after the creation. So, end of the video "StdUser" is having same privileged with root to this function!! Role creation journey should be done with two steps, policy -> role (with "AWS": "arn:aws:iam::{account_id}:user/StdUser). You are still getting STS' temporary credentials for your application (aws-cli/sdk). For further users; Thrust Relationship's Statement/Principal/AWS property also accepts list of user ARNs as string like ["{user1_ARN}", "{user2_ARN}"]

Yup. I mentioned it rather quickly in the dialog, but it's good that you caught that! Setting this would give you defense in depth. Particularly useful, in the event that new users are added or removed that shouldn't be able to assume the role.

I think you can just select Node.js for that. You can see it in the dropdown at 1:22 -- hope that helps!

Certainly! This is why it's essential for us to embrace automation and infrastructure-as-code using tools like Terraform or Cloud Formation. At some point, somebody will need to figure out the hard or complex things and make them easier through abstraction and encapsulation. That's why they pay us the big bucks. Happy coding! :)