Run tfiam to generate an IAM policy only with the required permissions by your stack, and avoid providing more than needed permissions.
go install github.com/alemuro/tfiam/cmd/tfiam@latest
Go to the folder where the Terraform code is stored, run terraform init, and then execute:
tfiam
This will produce the AWS IAM policy and will get back to you through stdout.
Feel free to open a PR. Check the backlog or issues before.