# Standard IAM Policies module

Defines several well-known IAM policies.

## Providers

| Name | Version |
|------|---------|
| aws  | ~2.0?   |
| okta | ?       |

## Inputs

(none)

## Policies created

| Policy Name        | Description |
|--------------------|-------------|
| mdr\_engineer      | "legacy" policy.  Gives effectively PowerUserAccess but with limitations on iam:PassRole and sts:AssumeRole.
| iam\_admin\_kms    | "legacy" policy.  Gives several `kms:*` actions related to creating, destroying, and managing keys.  Encrypt and Decrypt are noticeably absent.
| mdr\_engineer\_readonly\_assumerole | Read only access to AWS console with ability to escalate to Terraformer role
| mdr\_terraformer | Full read/write access to (almost) everything.  Has some limitations around PassRole and AssumeRole