fix: Don't duplicate PolicyDocument statement for stream events (#12313)

[tibbe]

Each function consuming a stream event would emit its own PolicyDocument statement. This statement would contain a list of actions that doesn't change between functions. For DynamoDB streams the list is:

"Action": [
    "dynamodb:GetRecords",
    "dynamodb:GetShardIterator",
    "dynamodb:DescribeStream",
    "dynamodb:ListStreams"
],

Duplicating these for each function causes the IAM policy to exceed the AWS limit after about 30 functions.

The resource names are still duplicated, if they happen to be the same.

Closes: #12313

[tibbe]

I ran test/integration/aws/stream.test.js, which passes.

[tibbe]

I didn't implement de-duplication of resource names, as I'm not sure how to do so correctly in the preference of functions like Fn::GetAtt in the arn property of the stream object in the Serverless config.

In my case resource name de-duplication would be helpful, as even with this fix the DynamoDB table name is duplicated 30 times in the Resource array. This fix makes our prod backend deployable again so it's still a (large) improvement.

[tibbe]

Anything else I can do to shepherd this along?

[tibbe]

Could someone please take look at this? This is rather problematic issue for large users of serverless.

[tibbe]

Ping

[tibbe]

Does this project accept external contributions?