pub fn generate_aws_initial_setup_policy(
context: &PermissionContext,
) -> Result<AwsIamPolicy>Expand description
Generate a merged AWS IAM policy document containing ALL provision permissions for the given platform.
This generates the COMPLETE initial setup policy covering every resource type that Alien can provision. This is intentionally broad — it includes permissions for resources that preflights may add (RSM, ServiceAccount, SecretsVault, etc.) which aren’t in the raw stack definition.
Customer-facing output: “here’s the IAM policy you need to attach to
your admin role before running alien deploy up.”