Add rules to check for a Resource wildcard in a policy

[phelewski]

This should apply for any policy type, just make sure that all resource types are covered.

For example:

• aws_sqs_queue_policy
• aws_sns_topic_policy
• etc...

[kmonihen]

We might want to considering failing if these resources are using inline rather than a policy document. aws_iam_policy_document would then have it's own set of rules in a single place.

[kmonihen]

The Terraform documentation recommends using an aws_iam_policy_document data source for several good reasons:

• Native Terraform configuration - no need to worry about JSON formatting or syntax
• Policy layering - create policy documents that combine and/or overwrite other policy documents
• Built-in policy error checking

https://learn.hashicorp.com/terraform/aws/iam-policy#choosing-a-configuration-method

[kmonihen]

Need rules for these resources (KMS #96 & Elasticsearch #95 are covered in other issues).

media_store_container_policy - https://www.terraform.io/docs/providers/aws/r/media_store_container_policy.html#policy

ses_identity_policy - https://www.terraform.io/docs/providers/aws/r/ses_identity_policy.html#policy

sns_topic - https://www.terraform.io/docs/providers/aws/r/sns_topic.html#policy sns_topic_policy - https://www.terraform.io/docs/providers/aws/r/sns_topic_policy.html#policy

sqs_queue - https://www.terraform.io/docs/providers/aws/r/sqs_queue.html#policy sqs_queue_policy - https://www.terraform.io/docs/providers/aws/r/sqs_queue_policy.html#policy

cloudwatch_log_destination_policy - https://www.terraform.io/docs/providers/aws/r/cloudwatch_log_destination_policy.html#access_policy

ecr_repository_policy - https://www.terraform.io/docs/providers/aws/r/ecr_repository_policy.html#policy

iot_policy - https://www.terraform.io/docs/providers/aws/r/iot_policy.html#policy