fix: give Get/Put/DeleteObject* perms

Author: theburningmonk

lib/package/s3/compileIamRoleToS3.js

@@ -36,7 +36,7 @@ module.exports = {
     const permissions = bucketActions.map(({ bucket, action }) => {
       return {
         Effect: 'Allow',
-        Action: `s3:${action}`,
+        Action: `s3:${action}*`, // e.g. PutObject*, GetObject*, DeleteObject*
         Resource: {
           'Fn::Sub': [
             '${bucket}/*',

lib/package/s3/compileIamRoleToS3.test.js

@@ -97,7 +97,7 @@ describe('#compileIamRoleToS3()', () => {
                   },
                   {
                     Effect: 'Allow',
-                    Action: 's3:PutObject',
+                    Action: 's3:PutObject*',
                     Resource: {
                       'Fn::Sub': [
                         '${bucket}/*',
@@ -109,7 +109,7 @@ describe('#compileIamRoleToS3()', () => {
                   },
                   {
                     Effect: 'Allow',
-                    Action: 's3:GetObject',
+                    Action: 's3:GetObject*',
                     Resource: {
                       'Fn::Sub': [
                         '${bucket}/*',
@@ -121,7 +121,7 @@ describe('#compileIamRoleToS3()', () => {
                   },
                   {
                     Effect: 'Allow',
-                    Action: 's3:DeleteObject',
+                    Action: 's3:DeleteObject*',
                     Resource: {
                       'Fn::Sub': [
                         '${bucket}/*',
@@ -135,7 +135,7 @@ describe('#compileIamRoleToS3()', () => {
                   },
                   {
                     Effect: 'Allow',
-                    Action: 's3:PutObject',
+                    Action: 's3:PutObject*',
                     Resource: {
                       'Fn::Sub': [
                         '${bucket}/*',