feat(aws-iam): policy document optimization #14714
andreialecu wants to merge 2 commits into aws:master
It appears that the test failure is related to a test that asserts a policy is added 3 times with different resources but same actions, but this PR optimizes it to only be added once with 3 resources assigned to it.
Bump.
Thanks for the work, but as I mentioned in the issue, we early on decided not to do work like this because if we get it wrong, potential non-obvious things might happen leading to security issues. I know you'll say "this is so simple and obvious it's impossible to get wrong", but we thought the same and promptly the PR we submitted had a bug in it that would lead to unintended permission widening 😅. I would recommend you try to vend functionality like this as an add-on to the CDK. We might consider integrating something like this once it has a proven track record, but until then I'm a little wary of all solutions that do work in this area.
This closes #14713
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
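
The trade-off discussed in this thread, as an added example that is not code from the PR or from the CDK: merging statements is only permission-preserving when everything except the resource list is identical, and a merge that also unions actions grants a cross product the original statements never gave. The `Stmt` shape, the function names and the sample ARNs are constructed for illustration, and the over-eager variant is one generic way widening can occur, not the bug mentioned in the review comment.

```typescript
// Simplified statement shape constructed for this example (not the CDK PolicyStatement class).
// Assumes literal action/resource strings; NotAction, NotResource and principals are omitted.
interface Stmt {
  effect: "Allow" | "Deny";
  actions: string[];
  resources: string[];
  conditions?: Record<string, unknown>;
}
const uniqSorted = (xs: string[]): string[] => Array.from(new Set(xs)).sort();

// Key on everything except resources. Differently ordered condition keys give
// different strings, which only prevents a merge; it never causes one.
const mergeKey = (s: Stmt): string =>
  JSON.stringify([s.effect, uniqSorted(s.actions), s.conditions ?? null]);

// Merge only statements whose effect, actions and conditions are identical.
function mergeByResource(stmts: Stmt[]): Stmt[] {
  const out = new Map<string, Stmt>();
  for (const s of stmts) {
    const prev = out.get(mergeKey(s));
    if (prev) prev.resources = uniqSorted(prev.resources.concat(s.resources));
    else out.set(mergeKey(s), { ...s, actions: uniqSorted(s.actions), resources: uniqSorted(s.resources) });
  }
  return Array.from(out.values());
}
// Over-eager variant shown for contrast: unions actions as well as resources.
function naiveMergeAll(stmts: Stmt[]): Stmt {
  return {
    effect: stmts[0].effect,
    actions: uniqSorted(stmts.reduce<string[]>((a, s) => a.concat(s.actions), [])),
    resources: uniqSorted(stmts.reduce<string[]>((a, s) => a.concat(s.resources), [])),
  };
}
// Expand to "effect action resource" triples so two policies can be compared.
function grants(stmts: Stmt[]): string[] {
  const out: string[] = [];
  for (const s of stmts) for (const a of s.actions) for (const r of s.resources) out.push(`${s.effect} ${a} ${r}`);
  return uniqSorted(out);
}
// Constructed sample: one action on three buckets, plus a second action on one bucket.
const sample: Stmt[] = [
  { effect: "Allow", actions: ["s3:GetObject"], resources: ["arn:aws:s3:::a/*"] },
  { effect: "Allow", actions: ["s3:GetObject"], resources: ["arn:aws:s3:::b/*"] },
  { effect: "Allow", actions: ["s3:GetObject"], resources: ["arn:aws:s3:::c/*"] },
  { effect: "Allow", actions: ["s3:DeleteObject"], resources: ["arn:aws:s3:::a/*"] },
];
// Grants present after the naive merge that the original statements never gave.
function widened(): string[] {
  const before = new Set(grants(sample));
  return grants([naiveMergeAll(sample)]).filter((g) => !before.has(g));
}
```

Comparing `grants()` before and after a merge is the kind of regression check an add-on optimizer can run in its own tests; with wildcards in actions or resources the comparison would need pattern semantics rather than string equality.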