Attach policy to specified users allowing assumption of the Terraform state read-write role

[jsf9k]

🗣 Description

This pull request attaches a policy to specified users allowing assumption of the Terraform state read-write role. It also adds:

• Instructions for operators to help them initially deploy such an environment and grant specific users the ability to redeploy it.
• Instructions for users to help them to set up locally and then redeploy an environment.

See also cisagov/cool-assessment-provisioner-iam#30.

💭 Motivation and context

It is better to attach the policy in Terraform instead of requiring operations to do so manually in the AWS console.

🧪 Testing

All automated tests pass. I deployed these changes to env6 in our COOL staging environment and verified that they function as expected.

✅ Pre-approval checklist

• [x] This PR has an informative and human-readable title.
• [x] Changes are limited to a single goal - eschew scope creep!
• [x] All relevant type-of-change labels have been added.
• [x] I have read the CONTRIBUTING document.
• [x] These code changes follow cisagov code standards.
• [x] All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
• [x] All new and existing tests pass.

[dav3r]

After further reflection, I think that the two markdown files that you added don't belong in this repo. The info from those files should be passed to our Ops team and users so that it can be stored wherever they keep their various runbooks.

[jsf9k]

After further reflection, I think that the two markdown files that you added don't belong in this repo. The info from those files should be passed to our Ops team and users so that it can be stored wherever they keep their various runbooks.

Those commits have been removed and I have emailed the information to the relevant parties.