CCM-15020: Allow cross-domain publishing to SNS topic

Author: gareth-allan

infrastructure/terraform/components/dl/sns_topic.tf

@@ -1,3 +1,33 @@
 resource "aws_sns_topic" "main" {
   name = "${local.csi}-test"
+
+  policy = data.aws_iam_policy_document.sns_topic_policy_document.json
+}
+
+data "aws_iam_policy_document" "sns_topic_policy_document" {
+  statement {
+    sid    = "AllowCrossDomainEventBridgeToPublishMessageToSNS"
+    effect = "Allow"
+
+    principals {
+      type        = "AWS"
+      identifiers = ["arn:aws:iam::${var.shared_infra_account_id}:root"]
+    }
+
+    actions = [
+      "sns:Publish",
+    ]
+
+    resources = [
+      aws_sns_topic.main.arn,
+    ]
+
+    condition {
+      test     = "ArnLike"
+      variable = "aws:SourceArn"
+      values = [
+        "arn:aws:events:${var.region}:${var.shared_infra_account_id}:rule/*-data-plane*"
+      ]
+    }
+  }
 }