| Pivotal Cloud Foundry (PCF) | 1.6.x and greater |
When creating a new PCF foundation on Amazon Web Services (AWS), the suggested approach is to create an Identity and Access Management (IAM) user with full permissions, so that CloudFormation can do what it needs to install PCF. To limit the security risk, we need to apply a policy.
The reasons for applying this policy are the increased security risk and the possibility that the automated process could be modified or interfered with by other AWS components that are not related to the PCF install or update.
The PCF installation with "full Admin privileges" should be reduced to "least privileged" by creating a new policy "PCFInstallationPolic
To set up a policy, you first need to create an IAM user. Once your user is created, you can then apply a policy to limit their access. The recommended policy for this can be found here.
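One way to confirm that the policy applied to the installation user is no longer equivalent to full admin is to scan the policy document for unscoped Allow statements. This is an added example, not part of the original article; the helper name `overly_broad_statements` is hypothetical, and both sample policies are constructed (the scoped one is not the recommended PCF policy).

```python
import json

def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Resource.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def overly_broad_statements(policy_json):
    """Return indexes of Allow statements that are not scoped to specific
    actions and resources (hypothetical helper, not an AWS API)."""
    policy = json.loads(policy_json)
    flagged = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        # "Action": "*" is every action; Allow + NotAction is everything
        # except the listed actions, which is nearly as broad.
        broad_action = "NotAction" in stmt or "*" in _as_list(stmt.get("Action"))
        broad_resource = "NotResource" in stmt or "*" in _as_list(stmt.get("Resource"))
        if broad_action and broad_resource:
            flagged.append(index)
    return flagged

# Constructed sample: the shape of a full-admin policy.
FULL_ADMIN = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"},
})

# Constructed sample of a scoped policy. Illustrative only: this is NOT the
# recommended PCF installation policy, and the bucket name is a placeholder.
SCOPED = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["cloudformation:*", "ec2:Describe*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    ],
})

if __name__ == "__main__":
    for name, doc in (("FULL_ADMIN", FULL_ADMIN), ("SCOPED", SCOPED)):
        print(name, "broad statements:", overly_broad_statements(doc))
```

An empty result means every Allow statement names specific actions or specific resources; it does not by itself prove the policy is minimal for a PCF install.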