Move new permissions all into the new policy

Updated readme

README.md

@@ -79,7 +79,7 @@ Terraform module for configuring an integration with Lacework and AWS for cloud
 ## Lacework Audit Policy
 
 The Lacework audit policy extends the SecurityAudit policy to facilitate the reading of additional configuration resources.
-As of 1/22/2025, we have exceeded the limit of 6144 characters for a single policy, thus every service starting with codeartifact are in a new policy.
+As of 1/22/2025, we have exceeded the limit of 6144 characters for a single policy, thus every service starting with KINESISVIDEO are in a new policy: lwaudit-policy-${random_id.uniq.hex}-2025-1
 The audit policy is comprised of the following permissions:
 
 | sid                        | actions                                                 | resources |

main.tf

@@ -241,47 +241,6 @@ data "aws_iam_policy_document" "lacework_audit_policy" {
     ]
     resources = ["*"]
   }
-
-  statement {
-    sid = "KINESISVIDEO"
-    actions = ["kinesisvideo:GetSignalingChannelEndpoint",
-      "kinesisvideo:GetDataEndpoint",
-      "kinesisvideo:DescribeImageGenerationConfiguration",
-    ]
-    resources = ["*"]
-  }
-
-  statement {
-    sid = "AMP"
-    actions = ["aps:ListScrapers",
-      "aps:DescribeScraper",
-      "aps:ListWorkspaces",
-      "aps:DescribeAlertManagerDefinition",
-      "aps:DescribeLoggingConfiguration",
-      "aps:DescribeWorkspace",
-      "aps:ListRuleGroupsNamespaces",
-      "aps:DescribeRuleGroupsNamespace",
-      "aps:ListTagsForResource",
-    ]
-    resources = ["*"]
-  }
-
-  statement {
-    sid = "APPSTREAM"
-    actions = ["appstream:Describe*",
-      "appstream:List*",
-    ]
-    resources = ["*"]
-  }
-
-  statement {
-    sid = "PERSONALIZE"
-    actions = ["personalize:Describe*",
-      "personalize:List*",
-      "personalize:GetSolutionMetrics",
-    ]
-    resources = ["*"]
-  }
 }
 
 # AWS iam allows only 6144 characters in a single policy
@@ -325,6 +284,47 @@ data "aws_iam_policy_document" "lacework_audit_policy_2025_1" {
     ]
     resources = ["*"]
   }
+
+  statement {
+    sid = "KINESISVIDEO"
+    actions = ["kinesisvideo:GetSignalingChannelEndpoint",
+      "kinesisvideo:GetDataEndpoint",
+      "kinesisvideo:DescribeImageGenerationConfiguration",
+    ]
+    resources = ["*"]
+  }
+
+  statement {
+    sid = "AMP"
+    actions = ["aps:ListScrapers",
+      "aps:DescribeScraper",
+      "aps:ListWorkspaces",
+      "aps:DescribeAlertManagerDefinition",
+      "aps:DescribeLoggingConfiguration",
+      "aps:DescribeWorkspace",
+      "aps:ListRuleGroupsNamespaces",
+      "aps:DescribeRuleGroupsNamespace",
+      "aps:ListTagsForResource",
+    ]
+    resources = ["*"]
+  }
+
+  statement {
+    sid = "APPSTREAM"
+    actions = ["appstream:Describe*",
+      "appstream:List*",
+    ]
+    resources = ["*"]
+  }
+
+  statement {
+    sid = "PERSONALIZE"
+    actions = ["personalize:Describe*",
+      "personalize:List*",
+      "personalize:GetSolutionMetrics",
+    ]
+    resources = ["*"]
+  }
 }
 
 resource "aws_iam_policy" "lacework_audit_policy" {