This repository was archived by the owner on Dec 6, 2024. It is now read-only.

Permissions issue #40

@hissing-sid

Great stack, thanks for making it available!

One issue I found was that there were additional permissions required for the delete stack role.

          # The following were missing from the example
          -
            Sid: IAMPermissions
            Effect: "Allow"
            Action:
              - iam:DeleteRolePolicy
              - iam:DeleteRole
            Resource:
              - !Sub "arn:aws:iam::${AWS::AccountId}:role/${StackName}-DeleteCFNLambda"
              - !Sub "arn:aws:iam::${AWS::AccountId}:role/${StackName}-DeleteCFNLambdaExecutionRole"
              - !Sub "arn:aws:iam::${AWS::AccountId}:role/${StackName}-GenerateCronExpLambdaRole"
          -
            Sid: LamdaPermissions
            Effect: "Allow"
            Action:
              - lambda:DeleteFunction
              - lambda:InvokeFunction
              - lambda:RemovePermission
            Resource:
              - !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${StackName}-GenerateCronExpLambda"
              - !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${StackName}-DeleteCFNLambda"
          -
            Sid: EventsPermissions
            Effect: "Allow"
            Action:
              - events:RemoveTargets
              - events:DeleteRule
            Resource:
              - !Sub "arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/${StackName}-DeleteStackEventRule"
