I was able to get permission boundaries to work wi...
# help
I was able to get permission boundaries to work with SST but I'm wondering if anybody has thought about a way to add them to the debug stack? We have the same permission boundaries in our dev environments we do in prod, thereby to encounter any problems ASAP. That means we can't deploy the debug stack.
Hey @Matt Morgan, you can add this block to ur
Copy code
export function debugStack(
  app: <http://cdk.App|cdk.App>,
  stack: cdk.Stack,
  props: sst.DebugStackProps
): void {
  const boundary = new iam.ManagedPolicy(this, 'Boundary', {
    statements: [
      new iam.PolicyStatement({
        effect: iam.Effect.DENY,
        actions: ['iam:*'],
        resources: ['*'],

So essentially this is how to make changes to the debug stack (ie. tagging resources in the debug stack).
Cool! I'll try that. Thanks for the reply.
Yeah that worked. Amazing work on this project. Gonna look at migrating a bunch of stacks to SST over the next year.