cloud-gov / aws-broker

Cloud Foundry AWS RDS Service Broker

Update broker to use parameterized IAM group policy #252

Open markdboyd opened 2 years ago

markdboyd commented 2 years ago

In order to reduce the number of IAM users created/managed by the broker, the broker should have a parameterized group policy and add the user/role to that group instead of the broker making an individual policy for each instance.

Recommendation came out of security consulting from AWS. See the meeting notes

POC

Ask @rbogle for further details if necessary

pburkholder commented 1 year ago

Should this be included with broader AWS security recommendations issue?

markdboyd commented 1 year ago

@pburkholder Yes, it is tracked in that epic: https://github.com/cloud-gov/private/issues/1204