Model/backlog/tasks/task-8 - Grant-sqs-SendMessage-IAM-on-splitter-combiner-queues-to-backend-runtime.md

---
id: TASK-8
title: 'Grant sqs:SendMessage IAM on splitter + combiner queues to backend runtime'
status: Done
assignee: []
created_date: '2026-04-20'
updated_date: '2026-04-20 12:31'
labels:
  - infra
  - iam
  - terraform
dependencies:
  - TASK-1
  - TASK-2
priority: high
ordinal: 5000
---

## Description

<!-- SECTION:DESCRIPTION:BEGIN -->
Backend runtime role needs `sqs:SendMessage` + `sqs:GetQueueUrl` on:
- postcode_splitter queue ARN
- bulk_address2uprn_combiner queue ARN

Update terraform IAM policy under `infrastructure/terraform/` for backend service. Can revoke equivalent IAM from frontend runtime once refactor ships.
<!-- SECTION:DESCRIPTION:END -->

## Acceptance Criteria
<!-- AC:BEGIN -->
- [ ] #1 Terraform updated for staging + prod backend role
- [ ] #2 Verified via `aws sqs get-queue-url` using backend creds
- [ ] #3 Frontend IAM revoked after frontend refactor complete
<!-- AC:END -->