Pivotal Cloud Foundry (PCF) 1.6.x and greater
When creating a new PCF foundation on Amazon Web Services (AWS), it is suggested to create an Identity and Access Management (IAM) user with full permissions, so that CloudFormation can do what it needs to install PCF. To limit the security risk, we need to apply a policy.
This policy is applied for two reasons: the increased security risk of a full-permission user, and the possibility that the automated process could be modified or interfered with by other AWS components unrelated to the PCF install or update.
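One way to confirm that a policy attached to the install user is no longer admin-equivalent, shown as an added example that is not part of the original article. The function names and both sample policies are constructed for illustration, and neither policy is the actual PCF install policy.

```python
import json

# Constructed sample policies for illustration; neither is the PCF install policy.
ADMIN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:DescribeInstances", "ec2:RunInstances"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-pcf-bucket/*"},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    ],
})

def _as_list(value):
    """Action and Resource may each be a single string or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def overbroad_statements(policy_json):
    """Return (statement index, reason) for Allow statements wider than least privilege."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may appear without a list
        statements = [statements]
    findings = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in st:
            findings.append((i, "Allow + NotAction permits every unlisted action"))
            continue
        all_resources = "*" in _as_list(st.get("Resource"))
        for action in _as_list(st.get("Action")):
            if action == "*":
                findings.append((i, "every action allowed"))
            elif action.endswith(":*") and all_resources:
                findings.append((i, f"{action} allowed on all resources"))
    return findings

if __name__ == "__main__":
    for name, policy in (("admin", ADMIN_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, overbroad_statements(policy))
```

An empty result means no statement matched these heuristics; it does not prove the policy is minimal, so the listed actions still need review against what the installer actually calls.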
The PCF installation should be reduced from "full Admin privileges" to "least privilege" by creating a new policy "PCFInstallationPolic