allow ssm:GetParameter with ssm config

[moritzzimmer]

Currently this module configures the following policy for ssm_parameter_names:

data "aws_iam_policy_document" "ssm_policy_document" {
  count = length(var.ssm_parameter_names)

  statement {
    actions = [
      "ssm:GetParameters",
      "ssm:GetParametersByPath",
    ]

    resources = [
      "arn:aws:ssm:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:parameter/${element(var.ssm_parameter_names, count.index)}",
    ]
  }
}

This datasource should also permit ssm:GetParameter.

[moritzzimmer]

this is fixed with https://github.com/moritzzimmer/terraform-aws-lambda/releases/tag/v5.4.0