From f3d51c4c7c0d7bb19101ca93c03fa69f8f2578d6 Mon Sep 17 00:00:00 2001
From: Daniel Roth
Date: Tue, 10 Mar 2026 14:59:46 +0000
Subject: [PATCH] sqs permissions
---
 .../terraform/lambda/fast-api/main.tf | 28 +++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/infrastructure/terraform/lambda/fast-api/main.tf b/infrastructure/terraform/lambda/fast-api/main.tf
index 40e0f4f9..cb4c923d 100644
--- a/infrastructure/terraform/lambda/fast-api/main.tf
+++ b/infrastructure/terraform/lambda/fast-api/main.tf
@@ -120,12 +120,36 @@ module "fastapi" {
 ############################################
 # IAM policy attachments
 ############################################
-resource "aws_iam_role_policy_attachment" "fastapi_s3_read" {
+resource "aws_iam_role_policy_attachment" "fast_api_s3_read" {
 role = module.fastapi.role_name
 policy_arn = data.terraform_remote_state.shared.outputs.fast_api_s3_read_arn
 }
+module "fastapi_sqs_policy" {
+ source = "../../modules/generic_iam_policy"
+
+ policy_name = "fastapi-sqs-send-${var.stage}"
+ policy_description = "Allow FastAPI to send messages to engine & categorisation queues"
+
+ actions = [
+ "sqs:SendMessage"
+ ]
+
+ resources = [
+ data.terraform_remote_state.engine.outputs.ara_engine_queue_arn,
+ data.terraform_remote_state.categorisation.outputs.categorisation_queue_arn
+ ]
+
+ conditions = null
+
+ tags = {
+ Service = "fastapi"
+ Stage = var.stage
+ }
+}
+
+
 resource "aws_iam_role_policy_attachment" "fastapi_sqs_send" {
 role = module.fastapi.role_name
- policy_arn = data.terraform_remote_state.shared.outputs.fast_api_sqs_send_arn
+ policy_arn = module.fastapi_sqs_policy.policy_arn
 }
\ No newline at end of file
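Review bot: The rename of the S3 attachment from `fastapi_s3_read` to `fast_api_s3_read` at the top of the hunk changes the resource address, so without a `moved` block Terraform will plan a destroy and re-create of the attachment, and the role can be without its S3 read policy while the apply runs. The new label also breaks with the `fastapi_` prefix used by the new `fastapi_sqs_policy` module and the `fastapi_sqs_send` attachment; either drop the rename or add a `moved` block with `from = aws_iam_role_policy_attachment.fastapi_s3_read` and `to = aws_iam_role_policy_attachment.fast_api_s3_read`. The new policy is scoped to `sqs:SendMessage` on two named queue ARNs, which is suitably narrow; a comment above `conditions = null` such as `# no condition keys: access is limited by action and queue ARN only` would record that this is deliberate. The `terraform_remote_state.engine` and `terraform_remote_state.categorisation` data sources are not declared in this hunk, so they presumably exist elsewhere in the file, and if either queue is encrypted with a customer-managed KMS key the role will also need `kms:GenerateDataKey` and `kms:Decrypt` on that key for sends to succeed.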