I understand there are three ways of doing stuff on the cloud: Console, CLI and API calls.
Then I found out there is something called Config on AWS that uses Policies that are written in JSON so this seems like something else entirely… and I imagine there are equivalent mechanisms on the other clouds…
…and then there are Roles on AWS and possibly short-term certificates that expire. Again: Other clouds no doubt have similar machinery.
So quite frankly it all sounds like a big jumbled mess; is there any way of making sense of this? I’m willing to spend a day or two figuring it out but I really want it to be a day well-spent.