From ad0c31fc3e869c8c5f08c4d368a698e56817e460 Mon Sep 17 00:00:00 2001
From: Daniel Roth <daniel_roth@hotmail.co.uk>
Date: Fri, 17 Apr 2026 14:19:12 +0000
Subject: [PATCH] IAM role allowing hubspot etl to send message to pashub queue

---
 .../terraform/lambda/hubspot_deal_etl/main.tf | 21 +++++++++++++++++++
 .../terraform/lambda/pashub_to_ara/outputs.tf |  5 +++++
 2 files changed, 26 insertions(+)

diff --git a/infrastructure/terraform/lambda/hubspot_deal_etl/main.tf b/infrastructure/terraform/lambda/hubspot_deal_etl/main.tf
index e8762337..32f0ba31 100644
--- a/infrastructure/terraform/lambda/hubspot_deal_etl/main.tf
+++ b/infrastructure/terraform/lambda/hubspot_deal_etl/main.tf
@@ -55,4 +55,25 @@ module "hubspot_deal_etl" {
 resource "aws_iam_role_policy_attachment" "lambda_s3_policy" {
   role       = module.hubspot_deal_etl.role_name
   policy_arn = data.terraform_remote_state.shared.outputs.hubspot_etl_s3_read_and_write_arn
+}
+
+# Create and attach S3 send policy for PasHub Fetcher queue
+module "hubspot_deal_etl_sqs_policy" {
+  source = "../../modules/general_iam_policy"
+
+  policy_name        = "hubspot-deal-etl-sqs-send-${var.stage}"
+  policy_description = "Allow Hubspot ETL Lambda to send messages to PasHub Fetcher queue"
+
+  actions = [
+    "sqs:SendMessage"
+  ]
+
+  resources = [
+    data.terraform_remote_state.pashub_to_ara.outputs.pashub_to_ara_queue_arn
+  ]
+}
+
+resource "aws_iam_role_policy_attachment" "hubspot_deal_etl_sqs_send" {
+  role       = module.lambda.role_name
+  policy_arn = module.hubspot_deal_etl_sqs_policy.policy_arn
 }
\ No newline at end of file
diff --git a/infrastructure/terraform/lambda/pashub_to_ara/outputs.tf b/infrastructure/terraform/lambda/pashub_to_ara/outputs.tf
index d44b8763..584c9b63 100644
--- a/infrastructure/terraform/lambda/pashub_to_ara/outputs.tf
+++ b/infrastructure/terraform/lambda/pashub_to_ara/outputs.tf
@@ -2,3 +2,8 @@ output "pashub_to_ara_queue_url" {
     value       = module.lambda.queue_url
     description = "URL of the PasHub to Ara SQS queue"
 }
+
+output "pashub_to_ara_queue_arn" {
+    value       = module.lambda.queue_arn
+    description = "ARN of the PasHub to Ara SQS queue"
+}