Bug
Resolution: Unresolved
Minor
4.21.z
1. Proposed title of this feature request
List of minimum IAM Permissions for CCO in HCP Manual Mode for least privilege
2. What is the nature and description of the documentation request?
The documentation for the Cloud Credential Operator (CCO) running in Manual mode should state the exact policy permissions the CCO requires, since it needs only a set of read-only permissions to validate the existing environment and secrets. The relevant information is in chapter 10 of the following document:
10.3. Assigning components IAM roles by using the CCO in a hosted cluster on AWS
What should be improved: The documentation should explicitly include the minimum read-only policy for the CCO operator (the cloud-credential-operator-iam-ro role), as this could be changed in audits or could collide with existing IAM policies.
If it does not, customers may grant full permissions (such as iam:*) to the CCO operator to "ensure it works", which would be a security risk.
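The risk described above (an operator role quietly widened to `iam:*` because the documented minimum is missing) is easy to catch mechanically. The following is an added example, not code from the OpenShift documentation or the CCO project: a small linter that walks an IAM policy document and flags any `Allow` statement granting actions beyond read-only ones. The policy documents embedded in it are constructed illustrations for the linter and are not the CCO's actual minimum permission set, which is exactly what this request asks the docs to publish. The read-only heuristic (action names starting with `Get`, `List`, `Describe` or `Simulate`) is an assumption of this example, not an AWS-defined rule.

```python
"""Lint an AWS IAM policy document for grants broader than read-only.

Added example; the policies below are constructed, not the CCO's real policy.
"""
import json

# Assumption of this example: IAM actions with these name prefixes are treated
# as read-only. Anything else in an Allow statement is reported.
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "Simulate")


def _as_list(value):
    """IAM allows a string or a list for Statement/Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def classify_action(action):
    """Return None if the action looks read-only, otherwise a short reason string."""
    _service, _, name = action.partition(":")
    if action == "*" or name == "*":
        return "wildcard action"
    if "*" in name:
        # A partial wildcard such as iam:Get* is acceptable; iam:*Role or iam:Put* is not.
        stem = name.split("*", 1)[0]
        if stem and stem.startswith(READ_ONLY_PREFIXES):
            return None
        return "partial wildcard not limited to read-only actions"
    if not name.startswith(READ_ONLY_PREFIXES):
        return "mutating action"
    return None


def lint_policy(policy):
    """Return a list of findings for Allow statements that exceed read-only access."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # NotAction in an Allow grants everything except the listed actions.
            findings.append({"statement": idx, "action": "NotAction", "reason": "NotAction allow-list"})
        for action in _as_list(stmt.get("Action")):
            reason = classify_action(action)
            if reason:
                findings.append({"statement": idx, "action": action, "reason": reason})
    return findings


def is_read_only(policy):
    """True when no Allow statement grants anything beyond read-only actions."""
    return not lint_policy(policy)


# Constructed sample policies (not the CCO's documented permissions).
OVERBROAD_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}
""")

READ_ONLY_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["iam:GetRole", "iam:GetRolePolicy",
                           "iam:ListAttachedRolePolicies", "iam:ListRolePolicies"],
                "Resource": "*"}]}
""")

MIXED_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": ["iam:Get*", "iam:PassRole"], "Resource": "*"},
               {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]}
""")


if __name__ == "__main__":
    for label, policy in (("overbroad", OVERBROAD_POLICY),
                          ("read-only", READ_ONLY_POLICY),
                          ("mixed", MIXED_POLICY)):
        print(label, "read-only" if is_read_only(policy) else lint_policy(policy))
```

Running the module prints one verdict per constructed policy; in a pipeline, `lint_policy` can be pointed at the policy attached to the CCO role so that any widening beyond the documented read-only set is caught at review time rather than during an audit.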