Which AWS IAM permissions are needed?

[zackriso]

There are 2 main requirements in terms of Cloud Carbon Footprint (CCF) for AWS:

1. User 1: The AWS resources which need to be deployed, such as: the CUR report, the CloudFormation Stack to get Athena/Glue working
2. User 2: needed to run the tool itself (yarn start) through an EC2 or local terminal

When deploying CCF in any organization or production environment, we need to provide the 2 users specific permissions. We cannot (and in most place) wont have the luxury to assign both of them "admin" access: such is not a good idea from a security point of view.

Can we have an idea which AWS IAM actions are needed for the two users above? Thank you