# ----------------------------------------------------------------------------
# EventBridge: permission to publish events
# ----------------------------------------------------------------------------

# Policy document with a single statement: events:PutEvents, scoped to the
# ARN of the egress event bus only. No wildcard actions or resources.
data "aws_iam_policy_document" "eventbridge_access" {
  statement {
    sid       = "2"
    effect    = "Allow" # provider default, spelled out for reviewers
    actions   = ["events:PutEvents"]
    resources = [aws_cloudwatch_event_bus.egress.arn]
  }
}

# Managed policy rendered from the document above.
# NOTE(review): the attachment to a role/user is not visible here; confirm
# it is attached only to the principal that has to publish to the bus.
resource "aws_iam_policy" "eventbridge_access" {
  name   = "eventbridge-access-policy"
  policy = data.aws_iam_policy_document.eventbridge_access.json
}

# ----------------------------------------------------------------------------
# SQS: permission to consume messages
# ----------------------------------------------------------------------------

# Policy document with a single statement covering the three actions listed
# below, scoped to the ARN of the ingress queue only.
# No send or purge actions are granted by this document.
data "aws_iam_policy_document" "sqs_access" {
  statement {
    sid    = "1"
    effect = "Allow" # provider default, spelled out for reviewers

    actions = [
      "sqs:DeleteMessage",
      "sqs:GetQueueAttributes",
      "sqs:ReceiveMessage",
    ]

    resources = [aws_sqs_queue.ingress.arn]
  }
}

# Managed policy rendered from the SQS document above.
# NOTE(review): the name reads "lambda-execution-policy" although the document
# only covers SQS consumption; confirm the name is intentional before touching
# it, since renaming an IAM policy normally replaces the resource.
resource "aws_iam_policy" "sqs_access" {
  name   = "lambda-execution-policy"
  policy = data.aws_iam_policy_document.sqs_access.json
}