What's the most efficient way to determine the minimum AWS permissions necessary for a Terraform configuration?

日久生厌 2020-12-24 08:50

I have a Terraform configuration targeting deployment on AWS. It applies beautifully when using an IAM user that has permission to do anything (i.e. {actions: ["*"],

4 Answers
  •  庸人自扰
    2020-12-24 09:10

    Here is another approach, similar to what was said above, but without getting into CloudTrail -

    1. Give full permissions to your IAM user.
    2. Run TF_LOG=trace terraform apply --auto-approve &> log.log
    3. Run cat log.log | grep "DEBUG: Request"

    You will get a list of all AWS Actions used.
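
The grep in the answer above prints one line per request, duplicates included. As an added example (not part of the original answer), this script reduces those lines to a unique `service:Operation` list and wraps it in a draft IAM policy. The sample log lines and the function names are constructed for illustration, assuming the `DEBUG: Request <service>/<Operation> Details:` line shape written by the AWS SDK for Go.

```bash
#!/bin/sh
# Added example: summarise a TF_LOG=trace log into the AWS calls Terraform made.

# sample_log: constructed log lines (not real output) so the script runs offline.
sample_log() {
    cat <<'EOF'
2020-12-24T09:00:01Z [DEBUG] plugin.terraform-provider-aws: [aws-sdk-go] DEBUG: Request ec2/DescribeVpcs Details:
2020-12-24T09:00:01Z [DEBUG] plugin.terraform-provider-aws: [aws-sdk-go] DEBUG: Response ec2/DescribeVpcs Details:
2020-12-24T09:00:02Z [DEBUG] plugin.terraform-provider-aws: [aws-sdk-go] DEBUG: Request iam/GetRole Details:
2020-12-24T09:00:03Z [DEBUG] plugin.terraform-provider-aws: [aws-sdk-go] DEBUG: Request ec2/DescribeVpcs Details:
2020-12-24T09:00:04Z [DEBUG] plugin.terraform-provider-aws: [aws-sdk-go] DEBUG: Request s3/ListObjectsV2 Details:
EOF
}

# extract_actions LOGFILE: print each distinct "service:Operation", sorted.
# Only "Request" lines count; "Response" lines repeat the same call.
extract_actions() {
    grep -aoE 'DEBUG: Request [A-Za-z0-9_-]+/[A-Za-z0-9]+' "$1" \
        | awk '{ split($3, p, "/"); print p[1] ":" p[2] }' \
        | LC_ALL=C sort -u
}

# draft_policy LOGFILE: emit a draft IAM policy listing the observed calls.
# Resource is left as "*" in the draft; narrow it to specific ARNs by hand.
draft_policy() {
    extract_actions "$1" | awk '
        BEGIN { printf "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [{\n" \
                       "    \"Effect\": \"Allow\",\n    \"Action\": [" }
        { printf "%s\n      \"%s\"", (NR > 1 ? "," : ""), $0 }
        END { printf "\n    ],\n    \"Resource\": \"*\"\n  }]\n}\n" }'
}

# Use the log file given as $1, or fall back to the constructed sample.
tmp=$(mktemp)
sample_log > "$tmp"
draft_policy "${1:-$tmp}"
rm -f "$tmp"
```

The SDK operation name is not always the IAM action name (S3's `ListObjectsV2` is authorized by `s3:ListBucket`), so check each entry against the service's IAM action list before attaching the policy. A single apply also only exercises the create path; updates and `terraform destroy` make calls that will not appear in this log.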
