Security is not convenient. That’s probably why the CDK, by default, uses AdministratorAccess
Policy to deploy resources. But we can easily change it and increase the security of our AWS account, following the least privilege principle with a minimal additional burden.