Can anyone with some AWS IAM skills please shine a light on this one: I needed access to create a slack notification for a job in Code Pipeline. Simple enough, but we (devs) have next to no access to AWS so every time I try something I am stopped by the red "user X is not authorized to perform Y on resource Z.." warning message. I send an email to OPS and ask for permissions needed to do what I need (in this case: create a Slack notification for a pipeline), and I am granted that specific one. It gets me one step further, until I am stopped by a new red warning message. This has been going on for over a week, with a total of TEN new authorizations added to my user. That's TEN red warnings, TEN emails asking for access, and TEN replies saying "Ok, can you try now?". Today I finally got the god damn slack notifier set up, only to get one last red warning slapped in my face: I am not allowed to SEE the notifications configured for my pipeline. Please insert four letter word that rimes with DUCK here: [_________]!!.

I REFUSE to believe that this is how access should be granted in AWS. Can I tell my OPS person that there is somewhere they can find a list of required access rights to complete a specific operation ("Create slack notification for pipeline")? I know there are example policies for various things, but if there isn't one for what I need how should OPS go about granting me access without this totally ridiculous "try again now" approach?

Oh, and @assmaster: don't comment "nice" to this one. This is shitting me off.