We aim to listen to upload events to the Sentinel 2 satellite mission database then have our handler do its thing and have put together simple service which gets the job done 
However, it breaks on sls remove with the following error:
An error occurred: ListenSnsSubscriptionNewSentinel2Product - User: [my-arn] is not authorized to perform: SNS:ListSubscriptionsByTopicon resource: arn:aws:sns:eu-west-1:214830741341:NewSentinel2Product.
My aim was to limit scope to sns:subsribe. Why is the service trying to list subscriptions to this topic?
Here is the serverless.yml:
