I am using Terraform and I am trying to limit the access as much as possible, but I want to know what those limits are.
Terraform provides me a request ID for the request that had failed, but I am not sure where in the AWS console to go to put in that request ID and see what it was trying to do and what IAM policy it failed on.
In "Given a failed AWS API request, how can I debug what permissions I need?" they are looking for something more specific to S3, but I am doing a broader one with Terraform and I'm dealing with IAM resources and EC2 creation.
To check the request that was made and all its detailed information, just use CloudTrail, which lets you check all the requests made to your account.
Go to https://console.aws.amazon.com/cloudtrail/home?region=us-east-1#/events
In the Event filter dropdown choose "Request ID" and then type in the ID given by Terraform.
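The same lookup can be done against a CloudTrail log file delivered to S3 (or the JSON returned by the API) instead of the console. The following is an added example, not the answerer's own code: the records, request IDs, account number and ARNs are constructed placeholders in the CloudTrail log format, and the `find_request` / `explain_failure` helpers are hypothetical names chosen here. It matches a record by its `requestID` and reports the calling principal, the IAM action (derived from `eventSource` + `eventName`, which usually matches the IAM action name) and the error fields that show why the call was denied.

```python
import json

# Constructed sample CloudTrail records in the CloudTrail log format.
# All IDs, the account number and the ARNs are placeholders, not real values.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventVersion": "1.08", "eventTime": "2023-05-01T12:00:00Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/terraform"},
     "requestID": "aaaaaaaa-1111-2222-3333-bbbbbbbbbbbb"},
    {"eventVersion": "1.08", "eventTime": "2023-05-01T12:00:05Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/terraform"},
     "requestID": "cccccccc-4444-5555-6666-dddddddddddd",
     "errorCode": "Client.UnauthorizedOperation",
     "errorMessage": "You are not authorized to perform this operation."},
]})


def find_request(log_text, request_id):
    """Return the record whose requestID matches, or None if it is not in the log.

    This is the same filter the console applies with the "Request ID" dropdown.
    """
    for record in json.loads(log_text)["Records"]:
        if record.get("requestID") == request_id:
            return record
    return None


def explain_failure(record):
    """Summarise a CloudTrail record in IAM terms: who called what, and whether it failed."""
    service = record["eventSource"].split(".")[0]   # "ec2.amazonaws.com" -> "ec2"
    action = f"{service}:{record['eventName']}"     # IAM action, e.g. ec2:RunInstances
    return {
        "principal": record["userIdentity"].get("arn"),
        "action": action,
        # A denied call carries errorCode/errorMessage; a successful one has neither.
        "denied": "errorCode" in record,
        "errorCode": record.get("errorCode"),
        "errorMessage": record.get("errorMessage"),
    }


if __name__ == "__main__":
    record = find_request(SAMPLE_LOG, "cccccccc-4444-5555-6666-dddddddddddd")
    print(explain_failure(record))
```

CloudTrail delivers events with a delay of some minutes, so a request ID that is not found yet may simply not have been recorded; the `action` value is the permission to look for in the policy attached to `principal`.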