Least-privileged option for S3
The current solution's IAM policy assumes that the runner will be used for all CloudFormation stack management aspects. Another use case is just to use the runner to upload files to S3 (e.g. a pipeline for a static website). Though the current permissions set includes S3 object management, we want to enable this second use case with a least-privileged role.
Proposal: a dropdown selection as a parameter which allows a customer to pick a use case and assigns permissions based on that selection. A mapping in the IAM file based on this parameter would be the easiest way to associate a param value with a permissions set.
/cc @GRolston