{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "GetandDeleteInputObjects",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "${input_bucket}/*"
        },
        {
            "Sid": "GetVTAPISecret",
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue"
            ],
            "Resource": "${vt_secret_id}"
        },
        {
            "Sid": "MoveScannedObjects",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject"
            ],
            "Resource": [
                "${scanned_bucket}/*",
                "${quarantined_bucket}/*"
            ]
        },
        {
            "Sid": "PublishtoSNS",
            "Effect": "Allow",
            "Action": [
                "sns:Publish"
            ],
            "Resource": "${sns_topic}"
        }
    ]
}