From a9c0f31ac3d7a4eb491a808a68b8ee0c2114f1d6 Mon Sep 17 00:00:00 2001
From: Alina Buzachis
Date: Thu, 24 Mar 2022 16:12:28 +0100
Subject: [PATCH 1/3] Add policies for sns topic tagging
Signed-off-by: Alina Buzachis
---
 aws/policy/application-services.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/aws/policy/application-services.yaml b/aws/policy/application-services.yaml
index 808edc13..b638a4d0 100644
--- a/aws/policy/application-services.yaml
+++ b/aws/policy/application-services.yaml
@@ -128,6 +128,9 @@ Statement:
 - SNS:SetSubscriptionAttributes
 - SNS:Subscribe
 - SNS:Unsubscribe
+ - SNS:ListTagsForResource
+ - SNS:TagResource
+ - SNS:UntagResource
 - states:DescribeExecution
 - states:DescribeStateMachine
 - states:DeleteStateMachine
From 6da517ab4bc55204239344e93a72864a52b4ffc2 Mon Sep 17 00:00:00 2001
From: Alina Buzachis
Date: Wed, 8 Jun 2022 19:09:58 +0200
Subject: [PATCH 2/3] add sns tagging policies into aws/policy/application-services.yaml
Signed-off-by: Alina Buzachis
---
 aws/policy/application-services.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/aws/policy/application-services.yaml b/aws/policy/application-services.yaml
index b638a4d0..f8617a9b 100644
--- a/aws/policy/application-services.yaml
+++ b/aws/policy/application-services.yaml
@@ -196,6 +196,9 @@ Statement:
 Action:
 - SNS:Subscribe
 - SNS:Unsubscribe
+ - SNS:ListTagsForResource
+ - SNS:TagResource
+ - SNS:UntagResource
 Resource:
 # https://aws.amazon.com/blogs/aws/subscribe-to-aws-public-ip-address-changes-via-amazon-sns/
 - 'arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged'
From b53a3b7b022f153b8b9283a7f27c3e6773b19db6 Mon Sep 17 00:00:00 2001
From: Alina Buzachis
Date: Thu, 9 Jun 2022 11:19:26 +0200
Subject: [PATCH 3/3] Compact ses:List* to reduce file size
Signed-off-by: Alina Buzachis
---
 aws/policy/application-services.yaml | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
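Review bot: In PATCH 1/3 (hunk at -128,6) `SNS:TagResource` and `SNS:UntagResource` are write actions, and the statement's `Resource` element lies outside the hunk, so the scope they are granted on cannot be checked from here. If that statement uses `Resource: '*'`, the role could retag any topic in the account, which matters wherever tags feed access conditions or ownership tracking. It is worth confirming that the statement is limited to the test topics' ARN pattern before merging.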
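Review bot: In PATCH 2/3 (hunk at -196,6) the three tagging actions land in the statement whose visible `Resource` is `arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged`, the AWS-published topic referenced by the comment above it. Tagging a topic owned by another account is not something the test role should need, and PATCH 1/3 already adds the same actions to the earlier SNS statement, so this grant looks redundant or misplaced. The `Resource` list may continue past the hunk; if it holds only AWS-owned topics, I would drop these three lines and leave `SNS:Subscribe` and `SNS:Unsubscribe` as the only actions here.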
diff --git a/aws/policy/application-services.yaml b/aws/policy/application-services.yaml
index f8617a9b..cbc66df5 100644
--- a/aws/policy/application-services.yaml
+++ b/aws/policy/application-services.yaml
@@ -7,13 +7,12 @@ Statement:
 - ses:DescribeReceiptRuleSet
 - ses:CreateReceiptRuleSet
 - ses:DeleteReceiptRuleSet
- - ses:ListReceiptRuleSets
+ - ses:List*
 - ses:SetActiveReceiptRuleSet
 - ses:GetIdentityNotificationAttributes
 - ses:GetIdentityVerificationAttributes
 - ses:GetIdentityDkimAttributes
 - ses:DeleteIdentity
- - ses:ListIdentities
 - ses:SetIdentityFeedbackForwardingEnabled
 - ses:SetIdentityHeadersInNotificationsEnabled
 - ses:SetIdentityNotificationTopic
@@ -24,15 +23,12 @@ Statement:
 - ses:GetIdentityPolicies
 - ses:PutIdentityPolicy
 - ses:DeleteIdentityPolicy
- - ses:ListIdentityPolicies
 - ssm:DescribeParameters
 - ssm:DescribeAssociation
 - ssm:GetDeployablePatchSnapshotForInstance
 - ssm:GetDocument
 - ssm:DescribeDocument
 - ssm:GetManifest
- - ssm:ListAssociations
- - ssm:ListInstanceAssociations
 - ssm:PutInventory
 - ssm:PutComplianceItems
 - ssm:PutConfigurePackageResult
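Review bot: `ses:List*` in the first hunk grants every current and future SES list action, not only the three it replaces (`ses:ListReceiptRuleSets`, `ses:ListIdentities`, `ses:ListIdentityPolicies`). The commit message gives file size as the reason, so the wildcard may be a deliberate trade against least privilege, but nothing in the file records which actions the tests actually depend on. A comment above the entry, such as `# ses:List* stands in for ListReceiptRuleSets, ListIdentities, ListIdentityPolicies (policy size limit)`, would keep that intent reviewable.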
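Review bot: The second hunk removes `ssm:ListAssociations` and `ssm:ListInstanceAssociations`, but neither hunk adds an `ssm:List*` entry, and the diffstat shows a single insertion (`ses:List*`). `ses:List*` does not match ssm actions, so unless an ssm wildcard already exists elsewhere in the file, these two permissions are lost and callers that rely on them will get access-denied errors. If the removal is intended, the commit message should say so; otherwise add `- ssm:List*` or restore the two lines next to `- ssm:DescribeParameters`.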