So, if IAM is the keys to the city for Lambda, how can I be sure I'm using IAM correctly on AWS (Since AWS documentation is not great). Any suggestions? (asking for a friend...)
After the talk, I spoke to a nice Dutch man who told me the way they handled it at their company was to randomly turn off an overly broad permission and see who came to complain!