Add permission for SESv2

README.md

@@ -118,4 +118,25 @@ The audit policy is comprised of the following permissions:
 |                            | codebuild:BatchGetBuilds                                |           |
 | SNS                        | sns:GetDataProtectionPolicy                             | *         |
 |                            | sns:ListPlatformApplications                            |           |
-|                            | sns:GetSubscriptionAttributes                           |           |
+|                            | sns:GetSubscriptionAttributes                           |           |
+| SES                        | ses:ListContactLists                                    | *         |
+|                            | ses:GetContactList                                      |           |
+|                            | ses:ListContacts                                        |           |
+|                            | ses:GetContact                                          |           |
+|                            | ses:ListCustomVerificationEmailTemplates                |           |
+|                            | ses:GetCustomVerificationEmailTemplate                  |           |
+|                            | ses:GetDedicatedIpPool                                  |           |
+|                            | ses:GetBlacklistReports                                 |           |
+|                            | ses:GetDedicatedIp                                      |           |
+|                            | ses:ListDeliverabilityTestReports                       |           |
+|                            | ses:GetDeliverabilityTestReport                         |           |
+|                            | ses:ListEmailIdentities                                 |           |
+|                            | ses:GetEmailIdentity                                    |           |
+|                            | ses:GetEmailIdentityPolicies                            |           |
+|                            | ses:ListEmailTemplates                                  |           |
+|                            | ses:GetEmailTemplate                                    |           |
+|                            | ses:ListImportJobs                                      |           |
+|                            | ses:GetImportJob                                        |           |
+|                            | ses:ListRecommendations                                 |           |
+|                            | ses:ListSuppressedDestinations                          |           |
+|                            | ses:GetSuppressedDestination                            |           |

main.tf

@@ -115,7 +115,7 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
     actions = ["glacier:ListTagsForVault"]
     resources = ["*"]
   }
-  
+
   statement {
     sid = "WAFREGIONAL"
     actions = ["waf-regional:ListRules",
@@ -155,6 +155,33 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
     actions = ["states:ListTagsForResource"]
     resources = ["*"]
   }
+
+    statement {
+    sid = "SES"
+    actions = ["ses:ListContactLists",
+      "ses:GetContactList",
+      "ses:ListContacts",
+      "ses:GetContact",
+      "ses:ListCustomVerificationEmailTemplates",
+      "ses:GetCustomVerificationEmailTemplate",
+      "ses:GetDedicatedIpPool",
+      "ses:GetBlacklistReports",
+      "ses:GetDedicatedIp",
+      "ses:ListDeliverabilityTestReports",
+      "ses:GetDeliverabilityTestReport",
+      "ses:ListEmailIdentities",
+      "ses:GetEmailIdentity",
+      "ses:GetEmailIdentityPolicies",
+      "ses:ListEmailTemplates",
+      "ses:GetEmailTemplate",
+      "ses:ListImportJobs",
+      "ses:GetImportJob",
+      "ses:ListRecommendations",
+      "ses:ListSuppressedDestinations",
+      "ses:GetSuppressedDestination",
+    ]
+    resources = ["*"]
+  }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {