This is all in the existing source CloudFormation stuff, but basically we should re-examine what we're doing with the following in mind:
[ ] Identify specific capabilities for admin, developer, ci
[ ] Consider what's the difference between developer and ci as they're currently the same.
[ ] Fully document roles / groups for admin, developer, ci
[ ] Document potential "gotcha's" such as having an admin create new resources in a related serverless (really CloudFormation) config and then needing an admin to delete them, where ci role wouldn't be able to do this. (Can separately ticket this one if needed as it's complicated -- Roemer has some specific experiences in mind).
This is all in the existing source CloudFormation stuff, but basically we should re-examine what we're doing with the following in mind: