(re: commitdev/zero#423)
Check into the feasibility / effort involved in pulling out any IAM TF into the shared role and auditing the access of the default "operator" role we are creating to ensure that a created user would have access to run the remainder of the terraform.