CCM-13768: restrict access to the queue

Ian-Hodges · Ian-Hodges · commit d7b9fe9891a3 · 2026-01-22T08:03:35.000Z
diff --git a/infrastructure/terraform/components/dl/module_sqs_print_analyser.tf b/infrastructure/terraform/components/dl/module_sqs_print_analyser.tf
@@ -32,5 +32,11 @@ data "aws_iam_policy_document" "sqs_print_analyser" {
     resources = [
       "arn:aws:sqs:${var.region}:${var.aws_account_id}:${local.csi}-print-analyser-queue"
     ]
+
+    condition {
+      test     = "ArnEquals"
+      variable = "aws:SourceArn"
+      values   = [module.eventbridge.event_bus_arn]
+    }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -32,5 +32,11 @@ data "aws_iam_policy_document" "sqs_print_analyser" {`
`32`	`32`	`resources = [`
`33`	`33`	`"arn:aws:sqs:${var.region}:${var.aws_account_id}:${local.csi}-print-analyser-queue"`
`34`	`34`	`]`
	`35`	`+`
	`36`	`+ condition {`
	`37`	`+ test = "ArnEquals"`
	`38`	`+ variable = "aws:SourceArn"`
	`39`	`+ values = [module.eventbridge.event_bus_arn]`
	`40`	`+ }`
`35`	`41`	`}`
`36`	`42`	`}`