
Some IAM Policies conflict with SecurityHub IAM.21

Open egut opened this issue 4 years ago • 0 comments

AWS fairly recently added a new control, IAM.21, to AWS Foundational Security Best Practices, see: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-iam-21

When ADF is deployed some of the policies in https://github.com/awslabs/aws-deployment-framework/blob/f60bfaff93fb0d73b46bf7ff332f4c264cd3044d/src/template.yml fail to pass IAM.21 control.

  • CodeBuildPolicy
    "codebuild:*"
  • CodePipelineRolePolicy
    "codebuild:*"
    "codecommit:*"
  • LambdaPolicy
    "cloudformation:*"
    "ssm:*"

egut, Sep 22 '21 11:09
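An added example, not part of the issue or of ADF's own code: a small check for the IAM.21 pattern the issue lists, i.e. Allow statements whose Action is a service-wide wildcard such as "codebuild:*". The policy documents below are constructed to mirror the policy names in the issue, not copied from the real template, and the check covers only the Effect/Action shape shown here, not every rule Security Hub applies.

```python
# Added example: flag IAM.21-style wildcard actions ("service:*" or "*") in
# Allow statements of IAM policy documents. Simplified approximation of the
# Security Hub control, covering only the Effect/Action shape discussed here.
import json


def wildcard_actions(policy_document):
    """Return [(sid, action)] for Allow statements using 'service:*' or '*'."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without a list
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):  # "Action": "codebuild:*" is as valid as a list
            actions = [actions]
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append((stmt.get("Sid", f"Statement{index}"), action))
    return findings


def check_policies(policies):
    """Map each policy name to its wildcard findings; an empty dict means all pass."""
    results = {name: wildcard_actions(doc) for name, doc in policies.items()}
    return {name: hits for name, hits in results.items() if hits}


# Constructed sample policies modelled on the names in the issue (not the real template).
SAMPLE_POLICIES = {
    "CodeBuildPolicy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "codebuild:*", "Resource": "*"}]},
    "LambdaPolicy": {"Version": "2012-10-17", "Statement": [
        {"Sid": "Cfn", "Effect": "Allow", "Action": ["cloudformation:*", "ssm:*"],
         "Resource": "*"}]},
    # Scoped alternative: same service, enumerated actions instead of a wildcard.
    "ScopedCodeBuildPolicy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["codebuild:StartBuild", "codebuild:BatchGetBuilds"],
         "Resource": "*"}]},
}

if __name__ == "__main__":
    for name, hits in check_policies(SAMPLE_POLICIES).items():
        print(f"{name} would fail IAM.21: {hits}")
```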