The [S3inventorypolicy](https://github.com/mapbox/magic-cfn-resources/blob/e655729b2e6dd9aa77f8e66abc6945c44cccac15/lib/build.js#L365-L400) has `Resource: *` permissions for s3. These should be scoped down to the specific bucket, if possible.
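
One way to express the scoping requested above, as an added example that is not code from `lib/build.js` or from the project. The function names, the sample bucket name and the choice of inventory actions are assumptions. It builds a statement limited to a single bucket ARN and includes a check that flags `Allow` statements granting S3 actions on a wildcard resource.

```javascript
// Hypothetical helper: build an IAM statement limited to one bucket.
// Inventory configuration actions are bucket-level, so the bucket ARN
// itself (without a /* object suffix) is the resource to grant.
function scopedInventoryStatement(bucketName) {
  if (!/^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/.test(bucketName)) {
    throw new Error(`invalid bucket name: ${bucketName}`);
  }
  return {
    Effect: 'Allow',
    // Assumed action set for managing an inventory configuration.
    Action: ['s3:PutInventoryConfiguration', 's3:GetInventoryConfiguration'],
    Resource: `arn:aws:s3:::${bucketName}`
  };
}

// Hypothetical check: return every Allow statement that grants an S3
// action on a wildcard resource ("*" or "arn:aws:s3:::*").
function findWildcardS3Statements(policyDocument) {
  const toArray = (v) => (Array.isArray(v) ? v : v === undefined ? [] : [v]);
  return toArray(policyDocument.Statement).filter((stmt) => {
    if (stmt.Effect !== 'Allow') return false;
    const grantsS3 = toArray(stmt.Action).some(
      (a) => typeof a === 'string' && (a === '*' || a.toLowerCase().startsWith('s3:'))
    );
    const wildcard = toArray(stmt.Resource).some(
      (r) => r === '*' || r === 'arn:aws:s3:::*'
    );
    return grantsS3 && wildcard;
  });
}

// Constructed sample policies, not taken from the repository.
const broadPolicy = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: ['s3:PutInventoryConfiguration'], Resource: '*' }]
};
const scopedPolicy = {
  Version: '2012-10-17',
  Statement: [scopedInventoryStatement('example-inventory-bucket')]
};

console.log('wildcard statements (broad):', findWildcardS3Statements(broadPolicy).length);
console.log('wildcard statements (scoped):', findWildcardS3Statements(scopedPolicy).length);
```

In a CloudFormation template the bucket name would usually arrive as a parameter, so the `Resource` value would be built with an intrinsic function rather than a literal string.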