fix: fix datadog IAM policy to prevent numerous CloudTrail errors

Author: Taylor McClure

main.tf

@@ -59,11 +59,12 @@ resource "aws_iam_policy" "datadog-core" {
         "apigateway:GET",
         "autoscaling:Describe*",
         "budgets:ViewBudget",
+        "cloudformation:DetectStack*",
         "cloudfront:GetDistributionConfig",
         "cloudfront:ListDistributions",
+        "cloudtrail:LookupEvents",
         "cloudtrail:DescribeTrails",
         "cloudtrail:GetTrailStatus",
-        "cloudtrail:LookupEvents",
         "cloudwatch:Describe*",
         "cloudwatch:Get*",
         "cloudwatch:List*",
@@ -86,6 +87,7 @@ resource "aws_iam_policy" "datadog-core" {
         "es:ListTags",
         "es:ListDomainNames",
         "es:DescribeElasticsearchDomains",
+        "fsx:DescribeFileSystems",
         "health:DescribeEvents",
         "health:DescribeEventDetails",
         "health:DescribeAffectedEntities",
@@ -102,6 +104,7 @@ resource "aws_iam_policy" "datadog-core" {
         "logs:PutSubscriptionFilter",
         "logs:DeleteSubscriptionFilter",
         "logs:DescribeSubscriptionFilters",
+        "organizations:DescribeOrganization",
         "rds:Describe*",
         "rds:List*",
         "redshift:DescribeClusters",
@@ -116,8 +119,8 @@ resource "aws_iam_policy" "datadog-core" {
         "ses:Get*",
         "sns:List*",
         "sns:Publish",
-        "sqs:ListQueues",
         "states:ListStateMachines",
+        "sqs:ListQueues",
         "support:*",
         "tag:GetResources",
         "tag:GetTagKeys",