BOSH Director requires a fairly powerful vCenter service account to do all of the things it does.
The list of permissions required is here, and it’s extensive.
You can always take the shortcut and make your account an Administrator of the vSphere environment, but that violates the whole “least privilege” principle and I don’t like that in production environments.
I wrote a working PowerCLI code function that will automatically create this vCenter role and add the specified user/group to it.
It greatly reduces the time to set this up. Hope this helps someone out.