Am I able to allow a newly created IAM user to create arbitrary policies but limited to resources he created? For example if I allow a user to create S3 buckets, users and IAM/Bucket policies, I want him to be able to create policies for IAM user that are limited to buckets he created and not other buckets present in the account.
If I'm not able to specify such policy, is there any other way to achieve this? Some kind of namespacing within an account that could isolate that user's resources from all other IAM users?
This is related to AWS IAM Policy to allow user to create IAM User with specific Policy/Roles and I was wondering if something has changed since the time it was asked.
Check out Delegate permission management to developers by using IAM permissions boundaries
The documentation Permissions boundaries for IAM entities