This is coming out of a discussion that Duane and Fred had. A lot of times we run into weird IAM complexities because things wind up where an IAM policy needs the principals defined before the policy itself. We had previously put a lot of effort into trying to keep IAM roles and policies near the things that require them. But this has unintended consequences. Here we are.