CCM-15020: Permissions fixes

gareth-allan · gareth-allan · commit a175cc6b3687 · 2026-04-08T12:31:28.000+01:00
diff --git a/infrastructure/terraform/components/dl/sns_topic.tf b/infrastructure/terraform/components/dl/sns_topic.tf
@@ -13,8 +13,11 @@ data "aws_iam_policy_document" "sns_topic_policy_document" {
     effect = "Allow"
 
     principals {
-      type        = "AWS"
-      identifiers = ["arn:aws:iam::${var.shared_infra_account_id}:root"]
+      type = "AWS"
+      identifiers = [
+        "arn:aws:iam::${var.shared_infra_account_id}:role/nhs-*-events-digital-letters-reporting",
+        "arn:aws:sts::${var.shared_infra_account_id}:assumed-role/nhs-*-events-digital-letters-reporting/*"
+      ]
     }
 
     actions = [
