Fucking hell the AWS IAM documentation is confusing as fuck. Trying to set up a fucking role is harder than cutting a rock with a fucking spoon.

And who the fuck thought it would be a good idea to allow a CLI user to run any command he's allowed to without any form of authentication??
Oh, set up MFA for the CLI you say? Good fucking luck with that, if you ever manage to figure out how to set that shit up!
Fuck this shit!

And good fucking luck with all the circular references if you ever need a practical example for this shit! And the outdated examples too!

I feel your pain, AWS has all around shitty documentation that is long winded and never actually tells you what you need to know; my usual workflow is to ignore the docs, make an IAM user via console, and attach policy groups that you can find via Google (click the links for medium articles, the medium ones are always much better and have the policy you need to copy paste).

The CLI is absolute AIDS. I have this same issue with Google, the fucking names are too long. I don't want to type `FooBarBarFooFooBarBar.FooBarBarBarFooFooFooFooBarFoo(FooBarBarBarBarFoo.foo, FooBar.FOO)` into a fucking console can they not understand that this shit needs to be short? Honestly half the functions in AWS CLI and Google's SDK are useless and just provide forward compatibility for features that are equally useless and are clearly not on the fucking roadmap, and it just makes it worse that they're unnecessarily long and totally unintuitively named.

AWS pls learn from DigitalOcean, painless == better!

I just started looking for EKS and found I need to create a lot of fucking policies. WTF!