add new actions to policy

[mjonesbase2]

Logs from /var/log/amazon/ssm/error.log

2023-07-19 04:32:08 ERROR [uploadItemsToSSM @ inventory.go.251] [ssm-document-worker] [.2023-07-19T04-32-01.772Z] [DataBackend] [pluginName=aws:softwareInventory] [aws:softwareInventory] error uploading inventory data AccessDeniedException: User: arn:aws:sts::000000000:assumed-role/BastionCliSessionManager/i-xxxxx is not authorized to perform: ssm:PutInventory on resource: arn:aws:ec2:ap-southeast-2:00000000000:instance/i-xxxxxxxx because no identity-based policy allows the ssm:PutInventory action
        status code: 400, request id: 
2023-07-19 02:51:24 ERROR [ProcessAssociation @ processor.go.204] [ssm-agent-worker] [MessageService] [Association] Encountered error while loading association  contents, AccessDeniedException: User: arn:aws:sts::0000000000000:assumed-role/BastionCliSessionManager/i-xxxxxx is not authorized to perform: ssm:GetDocument on resource: arn:aws:ssm:ap-southeast-2::document/AWS-GatherSoftwareInventory because no identity-based policy allows the ssm:GetDocument action
        status code: 400, request id: 
2023-07-19 02:51:24 ERROR [HandleAwsError @ awserr.go.49] [ssm-agent-worker] [MessageService] [Association] error when calling AWS APIs. error details - AccessDeniedException: User: arn:aws:sts::0000000000000:assumed-role/BastionCliSessionManager/i-xxxxxxxxxxx is not authorized to perform: ssm:UpdateInstanceAssociationStatus on resource: arn:aws:ssm:ap-southeast-2:00000000000:association/xxxxx because no identity-based policy allows the ssm:UpdateInstanceAssociationStatus action
        status code: 400, request id: