Added iam:getRole perms to CF1 remediation (#140)

* Added iam:getRole perms to CF1 remediation

* tightened up perms

* Trying to use the orchestrator role instead

* Reverting back to wildcard after failures narrowing it down

Author: tmekari

source/lib/remediation_runbook-stack.ts

@@ -1358,7 +1358,7 @@ export class RemediationRunbookStack extends cdk.Stack {
       inlinePolicy.addStatements(snsPerms);
 
       const remediationPolicy = new PolicyStatement();
-      remediationPolicy.addActions('servicecatalog:GetApplication');
+      remediationPolicy.addActions('servicecatalog:GetApplication', 'iam:GetRole');
       remediationPolicy.effect = Effect.ALLOW;
       remediationPolicy.addResources('*');
       inlinePolicy.addStatements(remediationPolicy);