I’m trying to scope down the permissions of a non-trivial policy that’s used by a CI/CD pipeline (to roll out and configure auth methods).
So far my approach has been trial and error, which is tedious and time consuming.
I was wondering if there are alternative approaches.
E.g. I could run the pipeline in a nonprod env with wider permissions - is there a way to get the list of permissions it actually requested and use that as minimialized policy for prod?