sqs permissions

infrastructure/terraform/lambda/fast-api/main.tf

@@ -120,12 +120,36 @@ module "fastapi" {
 ############################################
 # IAM policy attachments
 ############################################
-resource "aws_iam_role_policy_attachment" "fastapi_s3_read" {
+resource "aws_iam_role_policy_attachment" "fast_api_s3_read" {
   role       = module.fastapi.role_name
   policy_arn = data.terraform_remote_state.shared.outputs.fast_api_s3_read_arn
 }
 
+module "fastapi_sqs_policy" {
+  source = "../../modules/generic_iam_policy"
+
+  policy_name        = "fastapi-sqs-send-${var.stage}"
+  policy_description = "Allow FastAPI to send messages to engine & categorisation queues"
+
+  actions = [
+    "sqs:SendMessage"
+  ]
+
+  resources = [
+    data.terraform_remote_state.engine.outputs.ara_engine_queue_arn,
+    data.terraform_remote_state.categorisation.outputs.categorisation_queue_arn
+  ]
+
+  conditions = null
+
+  tags = {
+    Service = "fastapi"
+    Stage   = var.stage
+  }
+}
+
+
 resource "aws_iam_role_policy_attachment" "fastapi_sqs_send" {
   role       = module.fastapi.role_name
-  policy_arn = data.terraform_remote_state.shared.outputs.fast_api_sqs_send_arn
+  policy_arn = module.fastapi_sqs_policy.policy_arn
 }