I am working on a project where resources for customers on AWS are allocated with an AWS account per customer. We need to be able to create an AWS Secrets Engine iam_user credential periodically for access to some customer resources.

For a variety of security concerns/policies, we cannot use one AWS Secrets Engine mount point, as the account used by a particular AWS Secrets Engine would need CreateUser permissions.
We are considering an AWS Secrets Engine mount point per customer account, which will mean we could be creating several thousand mounts. Is this an OK idea, or is it a bad idea? What are the consequences of doing this?
iam_users will not be created frequently, so these mounts will not be heavily utilized.