As pointed out in #1 if a user ONLY selects email as an endpoint, the IAM policy fails. This was due to the IAM policy condition for secrets. Chime, Slack, Eventbridge and Teams are all stored as secrets. If none of those endpoints are created, the resources for the policy are null and thus give the error: "Policy statement must contain resources".
Solution was to create another condition that verifies if any combination of secrets conditions were met and if true, add that particular permission to the overall policy.