lacework-alliances / lacework-control-tower-cfn

AWS Control Tower and Lacework together provide multi-account cloud security. With Lacework and AWS Control Tower, enrolling a new AWS account means that security best practices and monitoring are applied automatically and consistently across your organization. Account administrators can automatically add Lacework's security auditing and monitoring to new AWS accounts. All the Lacework and AWS account configuration required to give Lacework access to AWS configuration data and AWS CloudTrail logs is managed for you by Lacework's AWS Control Tower integration.

Lacework custom audit policy is missing #4

Open AdamVB opened 10 months ago

AdamVB commented 10 months ago

The CloudFormation template is missing additional permissions for the Lacework custom audit policy; these are not part of the AWS managed SecurityAudit policy:

    "LaceworkCWSPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "LaceworkCWSPolicy",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "GetEc2DefaultEncryption",
              "Action": [
                "ec2:GetEbsEncryptionByDefault"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Sid": "EksListTagsForResource",
              "Action": [
                "eks:ListTagsForResource"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Sid": "EfsPolicies",
              "Action": [
                "elasticfilesystem:DescribeFileSystemPolicy",
                "elasticfilesystem:DescribeLifecycleConfiguration",
                "elasticfilesystem:DescribeAccessPoints",
                "elasticfilesystem:DescribeAccountPreferences",
                "elasticfilesystem:DescribeBackupPolicy",
                "elasticfilesystem:DescribeReplicationConfigurations"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Sid": "SagemakerPolicies",
              "Action": [
                "sagemaker:GetLineageGroupPolicy",
                "sagemaker:GetModelPackageGroupPolicy"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Sid": "IdentityStoreReadOnly",
              "Action": [
                "identitystore:DescribeGroup",
                "identitystore:DescribeGroupMembership",
                "identitystore:DescribeUser",
                "identitystore:ListGroupMemberships",
                "identitystore:ListGroupMembershipsForMember",
                "identitystore:ListGroups",
                "identitystore:ListUsers"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Sid": "SSOReadOnly",
              "Action": [
                "sso:DescribeAccountAssignmentDeletionStatus",
                "sso:DescribeInstanceAccessControlAttributeConfiguration",
                "sso:GetInlinePolicyForPermissionSet"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Sid": "APIGATEWAY",
              "Action": [
                "apigateway:GetApiKeys",
                "apigateway:GetAuthorizers",
                "apigateway:GetBasePathMappings",
                "apigateway:GetClientCertificates",
                "apigateway:GetDeployments",
                "apigateway:GetDocumentationParts",
                "apigateway:GetDocumentationVersions",
                "apigateway:GetDomainNames",
                "apigateway:GetGatewayResponses",
                "apigateway:GetModels",
                "apigateway:GetModelTemplate",
                "apigateway:GetRequestValidators",
                "apigateway:GetResources",
                "apigateway:GetRestApis",
                "apigateway:GetSdk",
                "apigateway:GetSdkTypes",
                "apigateway:GetStages",
                "apigateway:GetTags",
                "apigateway:GetUsagePlanKeys",
                "apigateway:GetUsagePlans",
                "apigateway:GetVpcLinks"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Sid": "APIGATEWAYV2",
              "Action": [
                "apigatewayv2:GetApis",
                "apigatewayv2:GetApiMappings",
                "apigatewayv2:GetAuthorizers",
                "apigatewayv2:GetDeployments",
                "apigatewayv2:GetDomainNames",
                "apigatewayv2:GetIntegrations",
                "apigatewayv2:GetIntegrationResponses",
                "apigatewayv2:GetModelTemplate",
                "apigatewayv2:GetModels",
                "apigatewayv2:GetRoute",
                "apigatewayv2:GetRouteResponses",
                "apigatewayv2:GetStages",
                "apigatewayv2:GetVpcLinks"
              ],
              "Effect": "Allow",
              "Resource": "*"
            }
          ]
        },
        "Roles": [
          {
            "Ref": "LaceworkCrossAccountAccessRole"
          }
        ]
      }
    },
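A practitioner reading this issue will want to verify the gap claim rather than take it on trust. The script below is an added example for this thread, not code from the lacework-control-tower-cfn repository or from Lacework: it pulls the Allow actions out of an AWS::IAM::Policy resource in the shape posted above and reports which of them no statement of a managed policy grants, using IAM's case-insensitive `*`/`?` action matching. Both policy documents embedded in it are constructed stand-ins (the managed-policy excerpt is not the real SecurityAudit document, and one action, ec2:DescribeVolumes, is added to the template excerpt so that a covered case is exercised); the function names are my own.

```python
"""Report which actions a CFN IAM policy needs that a managed policy does not grant.

Added example for this issue thread, not code from the repository. Both policy
documents below are CONSTRUCTED. Replace MANAGED_POLICY_SAMPLE with the real
document, e.g. from `aws iam get-policy-version` for
arn:aws:iam::aws:policy/SecurityAudit, before relying on the output.
"""
import json
import re

# Constructed stand-in for an AWS managed audit policy (NOT the real
# SecurityAudit document). It uses service-level wildcards, an exact action,
# and a Deny so that each branch of the matching logic is exercised.
MANAGED_POLICY_SAMPLE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "eks:Describe*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "elasticfilesystem:DescribeFileSystems", "Resource": "*"},
        {"Effect": "Allow", "Action": ["sagemaker:Describe*", "sagemaker:List*"], "Resource": "*"},
        # A Deny statement must never be counted as a grant.
        {"Effect": "Deny", "Action": "ec2:GetEbsEncryptionByDefault", "Resource": "*"},
    ],
}

# Constructed excerpt of the AWS::IAM::Policy resource shape from the issue.
# ec2:DescribeVolumes is an added action so that a covered case appears.
CFN_POLICY_SAMPLE = {
    "Type": "AWS::IAM::Policy",
    "Properties": {
        "PolicyName": "LaceworkCWSPolicy",
        "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Sid": "GetEc2DefaultEncryption", "Effect": "Allow", "Resource": "*",
                 "Action": ["ec2:GetEbsEncryptionByDefault", "ec2:DescribeVolumes"]},
                {"Sid": "EksListTagsForResource", "Effect": "Allow", "Resource": "*",
                 "Action": ["eks:ListTagsForResource"]},
                {"Sid": "EfsPolicies", "Effect": "Allow", "Resource": "*",
                 "Action": ["elasticfilesystem:DescribeFileSystemPolicy",
                            "elasticfilesystem:DescribeLifecycleConfiguration"]},
                {"Sid": "SagemakerPolicies", "Effect": "Allow", "Resource": "*",
                 "Action": ["sagemaker:GetLineageGroupPolicy",
                            "sagemaker:GetModelPackageGroupPolicy"]},
            ],
        },
        "Roles": [{"Ref": "LaceworkCrossAccountAccessRole"}],
    },
}


def _as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def allowed_action_patterns(policy_doc):
    """Action patterns from Allow statements only.

    Deny never grants anything, and NotAction statements are skipped because
    they grant the complement of a set and need different handling.
    """
    patterns = []
    for stmt in _as_list(policy_doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        patterns.extend(_as_list(stmt["Action"]))
    return patterns


def action_matches(action, pattern):
    """IAM action matching: case-insensitive, '*' matches any run, '?' one char."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def is_granted(action, patterns):
    return any(action_matches(action, p) for p in patterns)


def cfn_policy_actions(cfn_resource):
    """Distinct Allow actions declared in an AWS::IAM::Policy resource."""
    doc = cfn_resource["Properties"]["PolicyDocument"]
    return sorted({a for s in _as_list(doc["Statement"]) if s.get("Effect") == "Allow"
                   for a in _as_list(s.get("Action", []))})


def missing_actions(required, managed_policy_doc):
    patterns = allowed_action_patterns(managed_policy_doc)
    return [a for a in required if not is_granted(a, patterns)]


def audit_gap_report(cfn_resource=CFN_POLICY_SAMPLE, managed=MANAGED_POLICY_SAMPLE):
    required = cfn_policy_actions(cfn_resource)
    missing = missing_actions(required, managed)
    return {"required": required, "missing": missing,
            "already_covered": [a for a in required if a not in missing]}


if __name__ == "__main__":
    print(json.dumps(audit_gap_report(), indent=2))
```

To run this against the real managed policy, fetch it with `aws iam get-policy --policy-arn arn:aws:iam::aws:policy/SecurityAudit` (which returns DefaultVersionId) followed by `aws iam get-policy-version` for that version, and pass the returned document in place of the sample. Two caveats: the checker only looks at Action names, so resource or condition restrictions in the managed policy are not considered, and an action reported as "already covered" is only covered to the extent the managed statement's Resource allows; and a Deny in the managed policy is ignored rather than subtracted, so an action that is both Allowed and Denied elsewhere still shows as covered.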
AdamVB commented 9 months ago

Can be closed since this was committed here: https://github.com/lacework-alliances/lacework-control-tower-cfn/commit/801792281d6befa260ee7ea111dec0d906b156b3