allow SQS send message permission

devksingh4 · devksingh4 · commit 83de4b5d2f8c · 2025-07-27T02:44:18.000-04:00
diff --git a/terraform/modules/lambdas/main.tf b/terraform/modules/lambdas/main.tf
@@ -108,9 +108,25 @@ resource "aws_iam_policy" "entra_policy" {
       }
     ]
   }))
+}
 
+resource "aws_iam_policy" "api_only_policy" {
+  name = "${var.ProjectId}-entra-policy"
+  policy = jsonencode(({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = ["sqs:SendMessage"],
+        Resource = [
+          "arn:aws:sqs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:infra-core-api-*",
+        ]
+      }
+    ]
+  }))
 }
 
+
 resource "aws_iam_policy" "sqs_policy" {
   name = "${var.ProjectId}-sqs-consumer-policy"
   policy = jsonencode(({
