Remove the create log group permissions
Add CloudWatch LogGroup to the CFT
Reference the co-created CloudWatch LogGroup as one of the resources for the IamPolicyLambdaExecution's logging statement
Switch from an all-lambdas logging resource IAM policy to one that targets specifically and only those CloudWatch logs produced by the lambdas declared by the service.
Modify tests to ensure this is properly done.
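
As an added illustration (not code from the change described above), this JavaScript check audits a parsed CloudFormation template for the two properties the steps aim for: no log group creation permission, and logging resources tied only to log groups declared in the same template. The sample templates, `HelloLogGroup` and the log group names are constructed; only `IamPolicyLambdaExecution` comes from the text above.

```javascript
// Added example (not project code): audit a parsed CloudFormation template so the
// Lambda execution policy logs only to log groups that the template itself declares.
const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Flatten a Resource entry (string, Fn::Sub, Fn::Join, Fn::GetAtt, Ref) to text.
function resourceText(r) {
  if (typeof r === 'string') return r;
  if (r['Fn::Sub']) return toArray(r['Fn::Sub'])[0];
  if (r['Fn::Join']) return r['Fn::Join'][1].map(resourceText).join(r['Fn::Join'][0]);
  if (r['Fn::GetAtt']) return `\${${toArray(r['Fn::GetAtt']).join('.')}}`;
  return r.Ref ? `\${${r.Ref}}` : JSON.stringify(r);
}

function auditLoggingPolicy(template, policyId = 'IamPolicyLambdaExecution') {
  const resources = template.Resources || {};
  const groups = Object.entries(resources).filter(([, res]) => res.Type === 'AWS::Logs::LogGroup');
  const findings = [];
  for (const st of toArray(resources[policyId]?.Properties?.PolicyDocument?.Statement)) {
    const actions = toArray(st.Action).filter((a) => /^(logs:|\*$)/.test(a));
    if (st.Effect !== 'Allow' || actions.length === 0) continue;
    const creators = actions.filter((a) => ['logs:CreateLogGroup', 'logs:*', '*'].includes(a));
    if (creators.length) findings.push(`allows log group creation via ${creators.join(', ')}`);
    for (const text of toArray(st.Resource).map(resourceText)) {
      const scoped = groups.some(([id, g]) => {
        const name = g.Properties && g.Properties.LogGroupName;
        return text.startsWith(`\${${id}.Arn}`) ||
          (typeof name === 'string' && text.includes(`:log-group:${name}:`));
      });
      if (!scoped) findings.push(`resource not tied to a declared log group: ${text}`);
    }
  }
  return findings;
}

// Constructed sample templates: the broad "before" shape and the scoped "after" shape.
const arn = (name) => ({ 'Fn::Sub': `arn:aws:logs:\${AWS::Region}:\${AWS::AccountId}:log-group:${name}:*` });
const policy = (Action, Resource) => ({
  Type: 'AWS::IAM::Policy',
  Properties: { PolicyDocument: { Statement: [{ Effect: 'Allow', Action, Resource }] } },
});
const broadTemplate = { Resources: {
  IamPolicyLambdaExecution: policy(
    ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'], arn('/aws/lambda/*')),
} };
const scopedTemplate = { Resources: {
  HelloLogGroup: { Type: 'AWS::Logs::LogGroup', Properties: { LogGroupName: '/aws/lambda/svc-dev-hello' } },
  IamPolicyLambdaExecution: policy(['logs:CreateLogStream', 'logs:PutLogEvents'],
    [arn('/aws/lambda/svc-dev-hello'), { 'Fn::GetAtt': ['HelloLogGroup', 'Arn'] }]),
} };
console.log({ broad: auditLoggingPolicy(broadTemplate), scoped: auditLoggingPolicy(scopedTemplate) });
```

An empty findings list means the policy matches the scoped shape; a log group whose `LogGroupName` is itself an intrinsic function is only recognised when the policy references it through `Fn::GetAtt` or `${Id.Arn}`.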