docs: Add AWS IAM policy template for deployment

- Add aws-iam-policy.json with minimal required permissions
- Policy includes ECR, Lambda, CloudFormation, and IAM permissions
- Template for creating secure IAM users for CI/CD deployment
- Follows principle of least privilege for production security

Author: Neiland85

aws-iam-policy.json

@@ -0,0 +1,49 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ecr:GetAuthorizationToken",
+                "ecr:BatchCheckLayerAvailability",
+                "ecr:GetDownloadUrlForLayer",
+                "ecr:BatchGetImage",
+                "ecr:InitiateLayerUpload",
+                "ecr:UploadLayerPart",
+                "ecr:CompleteLayerUpload",
+                "ecr:PutImage"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "lambda:CreateFunction",
+                "lambda:UpdateFunctionCode",
+                "lambda:UpdateFunctionConfiguration",
+                "lambda:GetFunction",
+                "lambda:ListFunctions"
+            ],
+            "Resource": "arn:aws:lambda:eu-west-1:*:function:neurobank-*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "cloudformation:CreateStack",
+                "cloudformation:UpdateStack",
+                "cloudformation:DescribeStacks",
+                "cloudformation:DescribeStackEvents",
+                "cloudformation:GetTemplate"
+            ],
+            "Resource": "arn:aws:cloudformation:eu-west-1:*:stack/neurobank-*/*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "iam:GetRole",
+                "iam:PassRole"
+            ],
+            "Resource": "arn:aws:iam::*:role/neurobank-*"
+        }
+    ]
+}