Service owners do not need admin permissions into their cloud accounts
Service owners don't need admin permissions, and should be given a minimal set of permissions as-necessary (e.g. read-only).
Service owners do need admin access to their cloud accounts.

Permissions management in the cloud has historically been toil-heavy because of the vast scope of permissions and the large number of ever-changing services. By default, service owners should be given a minimal set of permissions (e.g. read-only permissions). They should be able to easily obtain permissions as needed; however, modifications to permissions should be automatically logged and audited to detect anomalous behaviour.

- Excess permissions can be identified with historical usage data to recommend permissions changes.
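The two mechanisms above (audit every permission change, and use historical usage to recommend removals) can be sketched in a few dozen lines. The following is an added example, not code from the original page or from any AWS tooling: it walks simplified CloudTrail-style IAM records and flags permission mutations made outside an automated request workflow, then scans constructed last-used data for grants that have gone stale. The event records, the usage table, the account id and the `permissions-broker` role convention are all constructed assumptions for illustration.

```python
"""Added example (not from the original page): audit IAM permission changes in
CloudTrail-style events and recommend removing unused permissions from usage
data. The event shape is a simplified CloudTrail record; the sample records,
the broker-role convention and the usage data are constructed assumptions."""
from datetime import datetime, timedelta

# IAM calls that widen what a principal can do (a subset, chosen for the example).
PERMISSION_MUTATIONS = {
    "AttachRolePolicy", "AttachUserPolicy", "AttachGroupPolicy",
    "PutRolePolicy", "PutUserPolicy", "PutGroupPolicy",
    "CreatePolicyVersion", "AddUserToGroup", "UpdateAssumeRolePolicy",
}

# Assumption: permission requests are granted only through this automation role,
# so a mutation by any other principal is anomalous and worth a look.
BROKER_ROLE_ARN = "arn:aws:iam::111122223333:role/permissions-broker"  # placeholder

# Constructed CloudTrail-like records (not real log data).
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachRolePolicy",
     "userIdentity": {"arn": BROKER_ROLE_ARN},
     "requestParameters": {"roleName": "orders-svc",
                           "policyArn": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "GetRole",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"roleName": "orders-svc"}},
    {"eventTime": "2024-05-01T23:40:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"userName": "alice",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-05-02T08:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "PutRolePolicy",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"roleName": "orders-svc", "policyName": "inline-extra"},
     "errorCode": "AccessDenied"},
]


def find_anomalous_permission_changes(events, broker_arn=BROKER_ROLE_ARN):
    """Return IAM permission mutations that were not made by the permission broker.

    Denied attempts are kept: someone trying to widen their own access outside
    the workflow is exactly what the audit trail should surface.
    """
    findings = []
    for ev in events:
        if ev.get("eventSource") != "iam.amazonaws.com":
            continue
        if ev.get("eventName") not in PERMISSION_MUTATIONS:
            continue
        actor = ev.get("userIdentity", {}).get("arn", "<unknown>")
        if actor == broker_arn:
            continue  # expected path: granted through the request workflow
        params = ev.get("requestParameters", {})
        findings.append({
            "time": ev.get("eventTime"),
            "actor": actor,
            "action": ev["eventName"],
            "target": params.get("roleName") or params.get("userName") or params.get("groupName"),
            "policy": params.get("policyArn") or params.get("policyName"),
            "denied": "errorCode" in ev,
        })
    return findings


# Constructed usage data: actions granted to a role and when each was last used
# (None = never used in the retention window). A real deployment would derive
# this from CloudTrail or from IAM last-accessed information.
ROLE_GRANTS = {
    "orders-svc": {
        "s3:GetObject": "2024-04-28T12:00:00Z",
        "s3:PutObject": "2024-02-01T09:30:00Z",
        "s3:DeleteObject": None,
        "sqs:SendMessage": "2024-04-30T18:15:00Z",
    }
}


def _parse_ts(iso_z):
    """Parse an ISO-8601 timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.fromisoformat(iso_z.replace("Z", "+00:00"))


def recommend_removals(grants, now_iso, unused_days=60):
    """Return {role: [actions]} for grants unused within the last unused_days."""
    cutoff = _parse_ts(now_iso) - timedelta(days=unused_days)
    recs = {}
    for role, actions in grants.items():
        stale = [a for a, last in actions.items()
                 if last is None or _parse_ts(last) < cutoff]
        if stale:
            recs[role] = sorted(stale)
    return recs


if __name__ == "__main__":
    for finding in find_anomalous_permission_changes(SAMPLE_EVENTS):
        print(finding)
    print(recommend_removals(ROLE_GRANTS, "2024-05-02T00:00:00Z"))
```

On the constructed data the audit reports two events: alice attaching `AdministratorAccess` to herself outside the broker, and bob's denied attempt to add an inline policy; the broker's own read-only grant is skipped as the expected path. The usage scan recommends dropping `s3:DeleteObject` (never used) and `s3:PutObject` (last used more than 60 days ago) from `orders-svc`. In practice the broker check would be one of several signals; the point is that every mutation is visible and comparable against the sanctioned route for obtaining permissions.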
When service teams own their accounts
IAM
Medium
AWS
Adam Cotenoff