Remove all cases of `"Resource": "*"` from policies

[Zeebrow]

Suggestions:

• Utilize resource paths when possible
• Create a permission boundary for the user
• Tag all resources and use conditionals in policies
  • aws:ResourceTag/xyz
  • aws:TagKeys
  • Supported EC2 condition keys

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html

[Zeebrow]

Plan

1. Enforce tagging policy on user/role with:

   {
           "Effect": "Allow",
           "Action": [
               "ec2:CreateTags"
           ],
           "Resource": [
               "arn:aws:ec2:*:865386952527:key-pair/*",
               "arn:aws:ec2:*:865386952527:security-group/*",
               "resource 3",
               "resource 4"
           ],
           "Condition": {
               "ForAllValues:StringEquals": {
                   "aws:TagKeys": [
                       "Name",
                       "quickhost"
                   ]
               },
               "ForAnyValue:StringEquals": {
                   "aws:TagKeys": ["quickhost"]
               }
           }
   }

   • Allow users to create tags with 'Name', 'quickhost', ... keys
   • Require the 'quickhost' tag key to be present on resources

2. Require a vpc id in order to create policies