CloudFormation: "cloudformation:DetectStackSetDrift", "cloudformation:DescribeStackDriftDetectionStatus", "cloudformation:DetectStackDrift", "cloudformation:DescribeChangeSetHooks", "cloudformation:DescribeStackResource", "cloudformation:DetectStackResourceDrift", "cloudformation:EstimateTemplateCost", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackSetOperation", "cloudformation:UpdateStack", "cloudformation:DescribeAccountLimits", "cloudformation:BatchDescribeTypeConfigurations", "cloudformation:DescribeChangeSet", "cloudformation:ListStackResources", "cloudformation:ListStacks", "cloudformation:DescribeType", "cloudformation:DescribeStackInstance", "cloudformation:DescribeStackResources", "cloudformation:DescribePublisher", "cloudformation:DescribeTypeRegistration", "cloudformation:GetTemplateSummary", "cloudformation:DescribeStacks", "cloudformation:RollbackStack", "cloudformation:DescribeStackResourceDrifts", "cloudformation:GetStackPolicy", "cloudformation:DescribeStackSet", "cloudformation:CreateStack", "cloudformation:GetTemplate", "cloudformation:DeleteStack", "cloudformation:ValidateTemplate" IAM: "iam:CreateServiceLinkedRole", "iam:CreateRole", "iam:DeleteRole", "iam:UpdateRole", "iam:DeleteServiceLinkedRole" Lambda: "lambda:CreateFunction", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "lambda:DeleteFunction" STS: "sts:AssumeRole" EC2: "ec2:DeleteSubnet", "ec2:DeleteVpcEndpoints", "ec2:CreateNatGateway", "ec2:CreateVpc", "ec2:AttachInternetGateway", "ec2:ReportInstanceStatus", "ec2:AssociateVpcCidrBlock", "ec2:ModifySubnetAttribute", "ec2:DisassociateVpcCidrBlock", "ec2:StartInstances", "ec2:DescribeAvailabilityZones", "ec2:CreateInternetGateway", "ec2:ModifyVpcAttribute", "ec2:DeleteInternetGateway", "ec2:ModifyInstanceAttribute", "ec2:RebootInstances", "ec2:TerminateInstances", "ec2:RunInstances", "ec2:DetachInternetGateway", "ec2:StopInstances", "ec2:DetachVpnGateway", "ec2:DisassociateIamInstanceProfile", 
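"ec2:CreateVpcEndpoint", "ec2:AssociateSubnetCidrBlock", "ec2:DeleteNatGateway", "ec2:DeleteVpc", "ec2:CreateSubnet", "ec2:ModifyVpcEndpoint", "ec2:AssociateIamInstanceProfile" Step Functions: "states:CreateActivity", "states:UpdateStateMachine", "states:DeleteStateMachine", "states:DeleteActivity", "states:CreateStateMachine"

Note: several of the actions listed here ("iam:CreateRole", "iam:UpdateRole", "sts:AssumeRole", "lambda:CreateFunction", "lambda:UpdateFunctionCode", "ec2:AssociateIamInstanceProfile") can change or obtain privileges, so the policy that grants them should restrict Resource to the specific role, function and instance-profile ARNs this deployment manages rather than "*".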