CDKv2 Bootstrapping IAM model #22158
St3lthM0d3 started this conversation in General
Replies: 1 comment
You are free to use a custom bootstrap template if your organization requires specific permissions or otherwise needs to make customizations. The CDK requires administrator-level privilege in order to fully automatically orchestrate services such as CloudFormation.
The default bootstrapping for CDKv2 creates new IAM roles and uses those for deployment of all stacks. The default roles attach admin permissions by default. While this allows teams to get started quickly, set up, and start building using CDK, it does not align with promoting a least-privilege model.
Can't CDKv2 follow the normal IAM model for other tools and SDKs (using the context/credentials of the requestor or a passed role)?
In enterprise environments where teams have delegated permissions, this default model poses additional challenges for Platform and security teams. Some of the issues such as
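For platform and security teams reviewing the admin-by-default roles discussed above, the following added example (not part of the original discussion and not CDK project code) flags bootstrap CloudFormation execution roles that still carry `AdministratorAccess`. It assumes the role naming of the default bootstrap template and runs over constructed records shaped like `aws iam get-role` and `aws iam list-attached-role-policies` output; the account IDs, policy names and severity labels are this example's own.

```python
import re

# Role name pattern of the default bootstrap template (assumption: roles were
# not renamed in a custom template). The default qualifier is "hnb659fds".
CFN_EXEC_ROLE = re.compile(
    r"^cdk-([A-Za-z0-9]{1,10})-cfn-exec-role-(\d{12})-([a-z0-9-]+)$")
ADMIN_SUFFIX = ":iam::aws:policy/AdministratorAccess"  # matches any partition

def _role(name, policy_arns, boundary=None):
    """Build one constructed record: the fields used here from `aws iam get-role`
    merged with those from `aws iam list-attached-role-policies`."""
    role = {"RoleName": name}
    if boundary:
        role["PermissionsBoundary"] = {"PermissionsBoundaryArn": boundary}
    return {"Role": role,
            "AttachedPolicies": [{"PolicyArn": a} for a in policy_arns]}

# Constructed sample data; account IDs and policy names are placeholders.
SAMPLE_ROLES = [
    _role("cdk-hnb659fds-cfn-exec-role-111111111111-us-east-1",
          ["arn:aws:iam::aws:policy/AdministratorAccess"]),
    _role("cdk-plat01-cfn-exec-role-222222222222-eu-west-1",
          ["arn:aws:iam::aws:policy/AdministratorAccess"],
          boundary="arn:aws:iam::222222222222:policy/example-boundary"),
    _role("cdk-hnb659fds-cfn-exec-role-333333333333-us-east-1",
          ["arn:aws:iam::333333333333:policy/example-scoped-deploy"]),
    _role("cdk-hnb659fds-deploy-role-111111111111-us-east-1", []),
]

def audit_bootstrap_roles(records):
    """Flag CloudFormation execution roles that carry AdministratorAccess.
    Severity is this example's own triage choice: "high" with no permissions
    boundary, "medium" when a boundary caps the role."""
    findings = []
    for rec in records:
        m = CFN_EXEC_ROLE.match(rec["Role"]["RoleName"])
        if not m:
            continue  # not a bootstrap execution role
        arns = [p["PolicyArn"] for p in rec.get("AttachedPolicies", [])]
        if not any(a.endswith(ADMIN_SUFFIX) for a in arns):
            continue  # already scoped to a narrower policy
        boundary = rec["Role"].get("PermissionsBoundary", {}).get(
            "PermissionsBoundaryArn")
        findings.append({"role": rec["Role"]["RoleName"], "qualifier": m.group(1),
                         "account": m.group(2), "region": m.group(3),
                         "boundary": boundary,
                         "severity": "medium" if boundary else "high"})
    return findings
```

A flagged environment can be re-bootstrapped with a narrower policy through `cdk bootstrap --cloudformation-execution-policies <policy ARN>`, or with a customized template through `cdk bootstrap --template <file>`.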