In our AWS environment, we've established IAM identity permission sets named "System Administrator" and "DevOps Engineer." Recently, we redistributed all the policies under the "System Administrator" permission set to the "DevOps Engineer" role and extended access to all relevant accounts where the DevOps Engineer role is applicable (and removed the System Administrator role for the group).
However, complaints have arisen regarding certain operations being inaccessible using Terraform under the DevOps Engineer permission set, whereas they were feasible under the System Administrator role. What could be the potential cause of this issue?
We expected that the devops group would get the same permissions, as we have attached all the policies under SystemAdministrator to Devops_Engineer.