Is there a way to create meta permissions when creating roles in AWS IAM? i.e. this user has permission to create roles, but those roles can only do X, Y and Z.
My use case is that I want a user to be able to create a role and attach it to a lambda function so the lambda can do certain things, e.g. read a file from S3.
But I want to restrict what permissions the roles can have to a certain set, i.e. I don't want them to be able to add permissions to the role that allow them to delete all S3 buckets in the account from within the lambda function, for example.
Is something like this possible/supported?
Thanks!