This could be a useful tool to identify the minimum set of actions to allow on my IaC user so that it can do its work while preserving least privilege.

I have yet to find a smarter way to do this than adding actions one by one, and I am not on my own, as per this Terraform issue and Stack Overflow.

I will, one day, experiment with iamlive, which would theoretically allow me to execute my Terraform configuration with a super-user, log the corresponding access rights and then add these to my IaC user policy.
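The last step of that workflow, comparing what the privileged run actually used against what the IaC user is already granted, can be sketched as follows. This is an added example, not code from iamlive or Terraform; it assumes the capture is saved as a standard IAM policy document, and the function names and both sample policies are constructed for illustration.

```python
import fnmatch

def policy_actions(policy):
    """Collect the Action entries of every Allow statement in a policy document."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM also accepts a single statement object
        statements = [statements]
    actions = set()
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        act = st.get("Action", [])
        actions.update([act] if isinstance(act, str) else act)
    return actions

def _matches(action, pattern):
    # IAM action names are case-insensitive and patterns may use * and ?
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def missing_actions(captured, current):
    """Actions used during the privileged run that the IaC policy does not grant."""
    granted = policy_actions(current)
    return sorted(a for a in policy_actions(captured)
                  if not any(_matches(a, p) for p in granted))

def unused_grants(captured, current):
    """Grants in the IaC policy that no captured action needed (candidates to drop)."""
    used = policy_actions(captured)
    return sorted(p for p in policy_actions(current)
                  if not any(_matches(a, p) for a in used))

# Constructed sample: what a privileged Terraform run might have been logged as using.
CAPTURED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "s3:CreateBucket", "s3:PutBucketTagging", "s3:GetBucketPolicy",
        "dynamodb:CreateTable", "dynamodb:DescribeTable"]}]}

# Constructed sample: the policy currently attached to the IaC user.
CURRENT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:Get*", "s3:CreateBucket", "ec2:*"]}]}

if __name__ == "__main__":
    print("add to IaC policy:", missing_actions(CAPTURED, CURRENT))
    print("granted but unused:", unused_grants(CAPTURED, CURRENT))
```

The comparison looks only at action names; `Resource`, `Condition`, `NotAction` and `Deny` statements are ignored, so the result still needs scoping to specific resources before it is attached.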


source: stackoverflow
