aws-samples / aws-parallelcluster-monitoring

Monitoring Dashboard for AWS ParallelCluster
MIT No Attribution
31 stars 23 forks

IAM permission: Principle of least privilege #29

Open bkirwan opened 10 months ago

bkirwan commented 10 months ago

Great solution; however, the IAM permissions required provide a significant level of access to the head and compute nodes, restricting the ability to deploy the solution into certain environments due to security concerns:

- Policy: arn:aws:iam::aws:policy/CloudWatchFullAccess
- Policy: arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess
- Policy: arn:aws:iam::aws:policy/AmazonSSMFullAccess
- Policy: arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess

A set of policies that follow the principle of least privilege, providing the bare minimum required, would help address security concerns.

sean-smith commented 9 months ago

Great feedback. The way to approach this is to run the solution and record API calls using AWS CloudTrail, then only add those permissions.
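The approach described in that reply, turned into a small tool, as an added example that is not part of the aws-parallelcluster-monitoring project or of either commenter's post: it takes CloudTrail event records, keeps the successful `(eventSource, eventName)` pairs, and emits an IAM policy document that allows only those actions, one statement per service. The `SAMPLE_RECORDS` are constructed for the example, not captured from a real cluster, and the `eventSource`-to-IAM-prefix mapping (only `monitoring.amazonaws.com` to `cloudwatch` is special-cased; everything else uses the first hostname label) is an assumption to check against the services your own trail shows.

```python
"""Derive a least-privilege IAM policy from CloudTrail records.

Added example, not part of the aws-parallelcluster-monitoring project.
Input: a list of CloudTrail event records (the objects found under
"Records" in a CloudTrail log file or returned by LookupEvents).
Output: an IAM policy document allowing only the actions that were
actually exercised.
"""
import json
from collections import defaultdict

# CloudTrail eventSource -> IAM action prefix where the two differ.
# Assumption: only CloudWatch needs a special case here; other services
# use the first label of the eventSource hostname (ssm, pricing, ...).
EVENT_SOURCE_TO_IAM_PREFIX = {
    "monitoring.amazonaws.com": "cloudwatch",
}


def iam_prefix(event_source: str) -> str:
    """Return the IAM action prefix for a CloudTrail eventSource."""
    if event_source in EVENT_SOURCE_TO_IAM_PREFIX:
        return EVENT_SOURCE_TO_IAM_PREFIX[event_source]
    return event_source.split(".", 1)[0]


def actions_from_records(records):
    """Distinct IAM actions from successful calls, grouped by service prefix."""
    by_service = defaultdict(set)
    for rec in records:
        # A failed call (e.g. AccessDenied) is evidence that something
        # *tried* an action, not that the solution needs it; keep those
        # out of the Allow list and review them separately.
        if rec.get("errorCode"):
            continue
        prefix = iam_prefix(rec["eventSource"])
        by_service[prefix].add(f"{prefix}:{rec['eventName']}")
    return {svc: sorted(acts) for svc, acts in by_service.items()}


def denied_actions(records):
    """Actions that were attempted but denied, for manual review."""
    denied = set()
    for rec in records:
        if rec.get("errorCode") == "AccessDenied":
            prefix = iam_prefix(rec["eventSource"])
            denied.add(f"{prefix}:{rec['eventName']}")
    return sorted(denied)


def build_policy(records):
    """Build a minimal IAM policy document, one Allow statement per service."""
    statements = []
    for svc, actions in sorted(actions_from_records(records).items()):
        statements.append({
            "Sid": f"Observed{svc.capitalize()}Calls",
            "Effect": "Allow",
            "Action": actions,
            # Resource is left wide here; narrow it to the specific log
            # group, parameter or stack ARNs once the trail shows their names.
            "Resource": "*",
        })
    return {"Version": "2012-10-17", "Statement": statements}


# Constructed sample records (field subset of real CloudTrail events).
SAMPLE_RECORDS = [
    {"eventSource": "monitoring.amazonaws.com", "eventName": "PutDashboard"},
    {"eventSource": "ssm.amazonaws.com", "eventName": "GetParameter"},
    {"eventSource": "ssm.amazonaws.com", "eventName": "GetParameter"},
    {"eventSource": "pricing.amazonaws.com", "eventName": "GetProducts"},
    {"eventSource": "cloudformation.amazonaws.com", "eventName": "DescribeStacks"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "errorCode": "AccessDenied"},
]

if __name__ == "__main__":
    print(json.dumps(build_policy(SAMPLE_RECORDS), indent=2))
    print("Denied, review by hand:", denied_actions(SAMPLE_RECORDS))
```

Two caveats when using this on a real trail: CloudTrail does not record every API call (some high-volume data-plane actions are not logged), so cross-check the derived list against what the solution's scripts actually invoke; and the `Resource: "*"` should be narrowed to the ARNs the trail reveals before the policy replaces the four managed policies listed above.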