function Get-ServerlessServiceAccountIamPolicyString {
<#
.SYNOPSIS
    Returns the string for an AWS IAM policy for serverless service accounts.

.PARAMETER SecretArns
    [string[]] The AWS ARNs for the secrets associated with the serverless service account.

.EXAMPLE
    Get-ServerlessServiceAccountIamPolicyString -SecretArns @( 'example' )

{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Sid":"AllowSecretsManagerAccess","Resource":["example"],"Action":["secretsmanager:DescribeSecret","secretsmanager:GetSecretValue"]}]}
#>
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string[]] $SecretArns
    )

    $policyObj = @{
        Version   = "2012-10-17"
        Statement = @(
            @{
                Sid    = "AllowSecretsManagerAccess"
                Effect = "Allow"
                Action = @(
                    "secretsmanager:DescribeSecret",
                    "secretsmanager:GetSecretValue"
                )
                Resource = $SecretArns
            }
        )
    }

    return (ConvertTo-Json -InputObject $policyObj -Compress -Depth 10)
}