You may think this talk is just a cleverly disguised ruse to make as many IAM puns as is humanly possible. And you’d be correct. You should in no way mistake it for an attempt to distill, in as short a period as possible, an understanding of Amazon Web Services API security policy documents. Nor should you confuse it with a brief evaluation of the sorry state of predefined AWS policies. Whatever you do, you should not assume that I’ll spend any time meditating on the utter unmitigated disaster that is most people’s policy stack (Hint: there’s a fair bit of *FullAccess in there).