Carl/bcda 8630 update lambda role access (#182)
## 🎫 Ticket

https://jira.cms.gov/browse/BCDA-8630

## 🛠 Changes

Update resource to * as required by docs

## ℹ️ Context

Update lambda resource access policy

<!-- If any of the following security implications apply, this PR must
not be merged without Stephen Walter's approval. Explain in this section
and add @SJWalter11 as a reviewer.
  - Adds a new software dependency or dependencies.
  - Modifies or invalidates one or more of our security controls.
  - Stores or transmits data that was not stored or transmitted before.
  - Requires additional review of security implications for other reasons.
-->

## 🧪 Validation

<!-- How were the changes verified? Did you fully test the acceptance
criteria in the ticket? Provide reproducible testing instructions and
screenshots if applicable. -->
carlpartridge authored Feb 14, 2025
1 parent 2a5340c commit a9993de
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions terraform/services/admin-create-aco-creds/main.tf
@@ -13,8 +13,9 @@ data "aws_iam_policy_document" "creds_bucket" {

data "aws_iam_policy_document" "kms_access" {
statement {
actions = ["kms:ListAliases"]
resources = ["arn:aws:s3:::bcda-aco-credentials/${var.env == "sbx" ? "opensbx" : var.env}/*"]
actions = ["kms:ListAliases"]
// must be *, see: https://docs.aws.amazon.com/kms/latest/developerguide/alias-access.html#alias-access-view
resources = ["*"]
}
}
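Review bot: The removed `resources` value was an S3 bucket ARN attached to a KMS action, so the old statement could never match and `kms:ListAliases` was effectively denied; `"*"` is the correct fix here because alias listing is not a resource-scoped operation, as the linked alias-access doc states. Since the statement now carries a wildcard resource, keep `actions` limited to `kms:ListAliases` and do not fold key-using actions such as `kms:Decrypt` into it; those belong in a separate statement scoped to the specific key ARN. Consider also adding a `sid` (for example `sid = "ListKmsAliases"`) so the reason for the wildcard is visible when the rendered policy is reviewed.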

