Module initial_setup 

Auto-generates minimal IAM/RBAC permissions for initial setup.

Initial setup creates setup-owned Frozen resources. Alien-owned Live resources are created later by the deployment loop with management credentials. This module generates the setup permission set for that first Frozen-resource phase.

Functions

generate_aws_initial_setup_policy

Generate a merged AWS IAM policy document containing setup provision permissions for the given platform.

initial_setup_permission_set_ids

Collects all provision permission set IDs needed for a stack’s initial setup.