From 5d8aeb33e03d2112fe32a27244a1cfad0f627b65 Mon Sep 17 00:00:00 2001
From: Ben Doerr
Date: Tue, 12 Dec 2023 11:07:27 -0500
Subject: [PATCH] =?UTF-8?q?=F0=9F=91=94=20(apply-policy):=20Adds=20additio?= =?UTF-8?q?nal=20S3=20actions?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 aws-iam-apply-policy.tf | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/aws-iam-apply-policy.tf b/aws-iam-apply-policy.tf
index 77c2022..97f9b09 100644
--- a/aws-iam-apply-policy.tf
+++ b/aws-iam-apply-policy.tf
@@ -328,12 +328,15 @@ data "aws_iam_policy_document" "apply_2" {
 "s3:CreateBucket",
 "s3:DeleteBucket",
 "s3:DeleteBucketWebsite",
+ "s3:DeleteObjectTagging",
+ "s3:DeleteObjectVersionTagging",
 "s3:GetAccelerateConfiguration",
 "s3:GetBucketAcl",
 "s3:GetBucketCORS",
 "s3:GetBucketLocation",
 "s3:GetBucketLogging",
 "s3:GetBucketObjectLockConfiguration",
+ "s3:GetBucketOwnershipControls",
 "s3:GetBucketPolicy",
 "s3:GetBucketPublicAccessBlock",
 "s3:GetBucketRequestPayment",
@@ -347,17 +350,22 @@ data "aws_iam_policy_document" "apply_2" {
 "s3:GetMetricsConfiguration",
 "s3:GetObject",
 "s3:GetObjectAcl",
+ "s3:GetObjectTagging",
+ "s3:GetObjectVersionTagging",
 "s3:GetReplicationConfiguration",
 "s3:ListAllMyBuckets",
 "s3:ListBucket",
+ "s3:ListTagsForResource",
 "s3:PutAccelerateConfiguration",
 "s3:PutBucketAcl",
 "s3:PutBucketCORS",
 "s3:PutBucketLogging",
 "s3:PutBucketObjectLockConfiguration",
+ "s3:PutBucketOwnershipControls",
 "s3:PutBucketPolicy",
 "s3:PutBucketPublicAccessBlock",
 "s3:PutBucketRequestPayment",
+ "s3:PutBucketTagging",
 "s3:PutBucketVersioning",
 "s3:PutBucketWebsite",
 "s3:PutEncryptionConfiguration",
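Review bot: The tag-write actions added here (`s3:DeleteObjectTagging`, `s3:DeleteObjectVersionTagging`) and in the @@ -347 and @@ -366 hunks (`s3:PutBucketTagging`, `s3:PutObjectTagging`, `s3:PutObjectVersionTagging`, `s3:TagResource`, `s3:UntagResource`) land in a statement whose scope is `resources = ["*"]`, visible at the end of the @@ -366 hunk. If any bucket or object in the account is protected by tag-based conditions such as `s3:ExistingObjectTag/<key>` or `aws:ResourceTag/<key>`, this role can now rewrite or strip the tags those conditions evaluate, on every bucket. I would move the object-level tagging actions into their own statement limited to the buckets this role manages, for example `resources = ["arn:aws:s3:::<managed-bucket-prefix>-*/*"]` (placeholder), or restrict which keys may be written with a `s3:RequestObjectTagKeys` condition. The statement opens outside the hunk, so an existing `condition` block may already narrow this and should be confirmed.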
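Review bot: `s3:PutBucketOwnershipControls` is added beside the existing `s3:PutBucketAcl`, so together they let this role move a bucket off the `BucketOwnerEnforced` setting and then apply ACLs to it. Because the statement ends in `resources = ["*"]` (shown in the @@ -366 hunk), that applies to every bucket in the account. If the action is only needed for Terraform's `aws_s3_bucket_ownership_controls` resource, say so in place with a comment such as `# needed by aws_s3_bucket_ownership_controls; scope to managed buckets`. A CloudTrail alert on `PutBucketOwnershipControls` calls made outside the apply pipeline would cover the residual risk.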
@@ -366,9 +374,13 @@ data "aws_iam_policy_document" "apply_2" {
 "s3:PutLifecycleConfiguration",
 "s3:PutMetricsConfiguration",
 "s3:PutObject",
+ "s3:PutObjectTagging",
+ "s3:PutObjectVersionTagging",
 "s3:PutObjectLegalHold",
 "s3:PutObjectRetention",
- "s3:PutReplicationConfiguration"
+ "s3:PutReplicationConfiguration",
+ "s3:TagResource",
+ "s3:UntagResource",
 ]
 resources = ["*"]
 }
@@ -380,7 +392,7 @@ data "aws_iam_policy_document" "apply_2" {
 content {
 effect = "Allow"
 actions = [
- "SNS:GetSubscriptionAttributes",
+ "sns:GetSubscriptionAttributes",
 "sns:CreateTopic",
 "sns:DeleteTopic",
 "sns:GetTopicAttributes",
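Review bot: `"s3:PutObjectTagging"` and `"s3:PutObjectVersionTagging"` are inserted ahead of `"s3:PutObjectLegalHold"`, which breaks the alphabetical order the rest of the list keeps. In a privilege list this long, sorted entries are what make a later audit or diff of granted actions reliable, so I would place the two lines after `"s3:PutObjectRetention",`. The list and its enclosing statement begin outside this hunk.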