DatadogStreamStackSetExecutionRole has unrestricted role assumption

## Expected Behavior

IAM Roles created by CloudFormation should be bound by resource or conditional statements.

## Actual Behavior

StackSet creates an IAM role (DatadogStreamStackSetExecutionRole) which grants it unrestricted access to assume any role within the AWS account (essentially granting administrator privileges, and making all of the other IAM grants irrelevant): 
https://github.com/DataDog/cloudformation-template/blob/8cd365f8616626945397b1e26a3028e15e7aaa4e/aws_streams/streams_main.yaml#L100-L104

Please update this template to add a condition to the CloudFormation so that the StackSet can only assume the specific roles it needs to perform the updates required.

## Steps to Reproduce the Problem

  1. Implement AWS monitoring via CloudFormation Stackset

## Specifications

  - Datadog CloudFormation template version:  
  
## Stacktrace
  
  ```
  Paste here
  ```

	- Effect: Allow
	Action:
	- iam:GetRole
	- iam:PassRole
	Resource: "*"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DatadogStreamStackSetExecutionRole has unrestricted role assumption #134

Expected Behavior

Actual Behavior

Steps to Reproduce the Problem

Specifications

Stacktrace

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

DatadogStreamStackSetExecutionRole has unrestricted role assumption #134

Description

Expected Behavior

Actual Behavior

Steps to Reproduce the Problem

Specifications

Stacktrace

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions