We are using Avi networks in AWS and I have set up a controller instance with liberal (Admin) policies.
I would like to clamp down on the permissions afforded to this controller instance by it's role. Which policies should I assign to this role?
Ideally I would like a list of functions that the Avi controller is able to preform, along with the corresponding policies that allow these functions. That way I could also tailor the policies to only the functions on the controller that we wish to use.
