add support to s3:listObjectsV2

Author: juancarle

lib/deploy/stepFunctions/compileIamRole.js

@@ -588,10 +588,12 @@ function getS3ObjectPermissions(action, state) {
   const prefix = state.Parameters.Prefix;
   let arn;
 
-  if (prefix) {
-    arn = `arn:aws:s3:::${bucket}/${prefix}/${key}`;
-  } else if (bucket === '*' && key === '*') {
+  if (bucket === '*' && key === '*') {
     arn = '*';
+  } else if (prefix & key) {
+    arn = `arn:aws:s3:::${bucket}/${prefix}/${key}`;
+  } else if (prefix) {
+    arn = `arn:aws:s3:::${bucket}/${prefix}`;
   } else {
     arn = `arn:aws:s3:::${bucket}/${key}`;
   }
@@ -737,6 +739,9 @@ function getIamPermissions(taskStates) {
       case 'arn:aws:states:::s3:putObject':
       case 'arn:aws:states:::aws-sdk:s3:putObject':
         return getS3ObjectPermissions('s3:PutObject', state);
+      case 'arn:aws:states:::s3:listObjectsV2':
+      case 'arn:aws:states:::aws-sdk:s3:listObjectsV2':
+        return getS3ObjectPermissions('s3:listObjectsV2', state);
 
       default:
         if (isIntrinsic(state.Resource) || !!state.Resource.match(/arn:aws(-[a-z]+)*:lambda/)) {