Clean up IAM permissions needed with this

[cloudsec9-ca]

I want to be able to deploy this as an AWS user, rather than root; I've done bits of this but the permissions need tightening up.

[cloudsec9-ca]

Removed overly-permissive "AmazonEC2FullAccess" and "AmazonS3FullAccess" roles, and will attempt to scale down the perms needed