Add explicit SNS Publish permission to onboarding service for core-stack-listener. (#382)

Co-authored-by: PoeppingT <[email protected]>

Author: PoeppingT

resources/saas-boost-svc-onboarding.yaml

@@ -347,7 +347,8 @@ Resources:
             Action:
               - sns:Publish
             Resource:
-              - !Sub arn:aws:sns:${AWS::Region}:${AWS::AccountId}:sb-*
+              - !Sub arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:sb-${Environment}-onboarding*
+              - !Sub arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:sb-${Environment}-core-stack-listener
           - Effect: Allow
             Action:
               - ssm:GetParameter*