Document and maintain required AWS IAM permissions

We could leverage the AWS IAM access analyzer policy generation to document which permissions are required for a GET deployment. We've been doing this ad-hoc, but potentially it is something that could be documented and maintained within GET?