After testing the suggested policy both with the AWS policy simulator and by using it with cert-manager I have found that the ARN prefix in the resources included in the statement cause the provider to fail with an access denied error. This new policy is equivalent and valid according to the AWS policy simulator.
Add annotation to the ingress-shim documentation
Remove debug output.
Update documentation errors.
Implement suggestions of using edit-in-place annotation to control behaviour.
Fix reference to editInPlaceAnnotation
Remove the presence of editInPlaceAnnotation from returning true to shouldSync() and relevant test.
Update comment reference to correct annotation name.
Remove tests that relied on annotation impacting result from shouldSync()
Only edit in-place when explicitly requested to do so.
Don't return error if unable to determine Ingress class, continue without setting either ingress or ingressClass.
Update annotation to certmanager.k8s.io/acme-http01-edit-in-place in order to make use case more obvious and have consistent naming.
Update docs to reflect possible values more accurately
