Missing s3 policy for lambda typescript tutorial

[slnowak]

Hi,
I've been trying to port the typescript lambda tutorial (https://pulumi.awsworkshop.io/40_lambda_microservices_ts/20_getting_started_with_pulumi.html) to java and encountered some issues during the process.

There seems to be some permission issues - my thumbnailer lambda was not able to manipulate s3 bucket without explicitly adding the following policy:

            var s3AccessPolicy = new Policy("lambdaS3Access", PolicyArgs.builder()
                    .policy(bucket.arn().applyValue(buketArn -> """
                            {
                              "Version": "2012-10-17",
                              "Statement": [
                                {
                                  "Effect": "Allow",
                                  "Action": "s3:*",
                                  "Resource": ["%s", "%s/*"]
                                }
                              ]
                            }""".formatted(buketArn, buketArn)))
                    .build());

So basically, I needed to grant explicit access to both the bucket and all the elements of the bucket and aws.iam.ManagedPolicy.LambdaFullAccess was not enough to cover this.

Can anyone please check if this particular example actually works as it is?