iann0036/iam-dataset

AWS sqs:SendMessageBatch Phantom/Removed permission?

joelthompson opened this issue · 3 comments

The sqs:SendMessageBatch doesn't exist in the current SAR, but it has in previous versions. Additionally, Access Analyzer is now saying it's an unknown action:

        "unknown_actions": [
            {
                "action": "sqs:SendMessageBatch",
                "condition": null
            }
        ],

This action isn't listed in iam_definition.json but map.json maps the SQS.SendMessageBatch API method to the sqs:SendMessageBatch permission:

        "SQS.SendMessageBatch": [
            {
                "action": "sqs:SendMessageBatch",
                "resource_mappings": {
                    "QueueName": {
                        "template": "%%regex%${QueueUrl}%/^.+\\/(.+?)$/g%%"
                    }
                }
            }
        ],

It seems to have started flagging as an unknown action last September, being flagged as an unknown action in the AmazonSageMakerGroundTruthExecution managed policy in cb4be16 and also showed up in MAMIP around the same time: z0ph/MAMIP/commit@638e7aba641e9b10499ccf889134db4deebd9e84

Hey @joelthompson,

Thanks for raising!

Looks like the behaviour of SQS.SendMessageBatch requires sqs:SendMessage, so updated to reflect that and therefore the managed policy is indeed wrong.

(sounds like this was fixed in 274405e and the issue can be closed?)
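A worked example of the cross-check the issue describes (a map.json entry pointing at an action that iam_definition.json does not define), plus the corrected SQS.SendMessageBatch mapping from the reply passing the same check, and a resolver for the %%regex%...%% resource template quoted above. This is example code added here; it is not part of the issue thread or of the iam-dataset repository. The two data fragments are constructed, trimmed to the entries under discussion, and the top-level shape assumed for iam_definition.json (a list of services with "prefix" and "privileges") and for the mapping section of map.json is an assumption to adapt against the real files.

```python
import re
from typing import Dict, List, Set

# Constructed fragment shaped like iam_definition.json: a list of services,
# each with a "prefix" and a "privileges" list. Only sqs and three privileges
# are included here; the real file is far larger. (Shape is an assumption.)
IAM_DEFINITION_FRAGMENT = [
    {
        "prefix": "sqs",
        "privileges": [
            {"privilege": "SendMessage", "access_level": "Write"},
            {"privilege": "ReceiveMessage", "access_level": "Read"},
            {"privilege": "GetQueueUrl", "access_level": "Read"},
        ],
    }
]

QUEUE_NAME_TEMPLATE = "%%regex%${QueueUrl}%/^.+\\/(.+?)$/g%%"

# Constructed fragment shaped like the SDK-method mapping section of map.json,
# as quoted in the issue: SendMessageBatch mapped to an action the SAR lacks.
MAP_FRAGMENT_BEFORE = {
    "SQS.SendMessageBatch": [
        {"action": "sqs:SendMessageBatch",
         "resource_mappings": {"QueueName": {"template": QUEUE_NAME_TEMPLATE}}}
    ],
    "SQS.GetQueueUrl": [{"action": "sqs:GetQueueUrl", "resource_mappings": {}}],
}

# Same fragment after the fix described in the reply: the batch call needs
# sqs:SendMessage, which the SAR does define.
MAP_FRAGMENT_AFTER = {
    "SQS.SendMessageBatch": [
        {"action": "sqs:SendMessage",
         "resource_mappings": {"QueueName": {"template": QUEUE_NAME_TEMPLATE}}}
    ],
    "SQS.GetQueueUrl": [{"action": "sqs:GetQueueUrl", "resource_mappings": {}}],
}


def known_actions(definition: list) -> Set[str]:
    """Collect every 'prefix:Privilege' the SAR defines, lower-cased because
    IAM matches action names case-insensitively."""
    actions: Set[str] = set()
    for service in definition:
        prefix = service["prefix"].lower()
        for priv in service["privileges"]:
            actions.add(f"{prefix}:{priv['privilege'].lower()}")
    return actions


def phantom_actions(mapping: Dict[str, List[dict]], definition: list) -> Dict[str, List[str]]:
    """Return {sdk_method: [mapped actions absent from the SAR]}. These are the
    entries that would surface as unknown_actions in Access Analyzer output
    if they were written into a policy."""
    known = known_actions(definition)
    phantoms: Dict[str, List[str]] = {}
    for method, entries in mapping.items():
        missing = [e["action"] for e in entries if e["action"].lower() not in known]
        if missing:
            phantoms[method] = missing
    return phantoms


# Matches the template form used in the issue: %%regex%${Param}%/pattern/flags%%
TEMPLATE_RE = re.compile(r"^%%regex%\$\{(\w+)\}%/(.+)/([a-z]*)%%$")


def resolve_template(template: str, params: Dict[str, str]) -> str:
    """Resolve a %%regex%...%% resource template against SDK call parameters:
    run the embedded pattern over the named parameter and return capture
    group 1. Only this template form is handled (an assumption); the JS-style
    trailing flags are ignored since they do not affect a single group match."""
    m = TEMPLATE_RE.match(template)
    if not m:
        raise ValueError(f"unsupported template: {template}")
    param, pattern, _flags = m.groups()
    match = re.search(pattern, params[param])
    if not match:
        raise ValueError(f"pattern {pattern!r} did not match {params[param]!r}")
    return match.group(1)


if __name__ == "__main__":
    print("before fix:", phantom_actions(MAP_FRAGMENT_BEFORE, IAM_DEFINITION_FRAGMENT))
    print("after fix: ", phantom_actions(MAP_FRAGMENT_AFTER, IAM_DEFINITION_FRAGMENT))
    # Constructed queue URL; the template extracts the trailing queue name.
    url = "https://sqs.us-east-1.amazonaws.com/123456789012/my-queue"
    print("QueueName:", resolve_template(QUEUE_NAME_TEMPLATE, {"QueueUrl": url}))
```

Against the real files, load iam_definition.json into the first argument and the SDK-method mapping section of map.json into the second; any method that comes back from phantom_actions is a mapping that will generate a policy Access Analyzer rejects, which is exactly how this issue was noticed.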