From 05bf0c132278e055c9fff5d2e6c90c480bc8a4ae Mon Sep 17 00:00:00 2001
From: Jun-te Kim
Date: Wed, 10 Sep 2025 17:35:04 +0100
Subject: [PATCH] terrform includes policy
---
.../walthamforest_etl_lambda.tf | 66 +++++++++----------
1 file changed, 31 insertions(+), 35 deletions(-)
diff --git a/deployment/lambda/walthamforest_etl/walthamforest_etl_lambda.tf b/deployment/lambda/walthamforest_etl/walthamforest_etl_lambda.tf
index 12b9aab..22f03aa 100644
--- a/deployment/lambda/walthamforest_etl/walthamforest_etl_lambda.tf
+++ b/deployment/lambda/walthamforest_etl/walthamforest_etl_lambda.tf
@@ -16,42 +16,38 @@ resource "aws_sqs_queue" "walthamforest_etl_queue" {
 }
 
 
-# # IAM policy specific to this Lambda
-# resource "aws_iam_policy" "walthamforest_etl_policy" {
-# name = "walthamforest_etl-loader-policy"
-
-# policy = jsonencode({
-# Version = "2012-10-17",
-# Statement = [
-# {
-# Effect = "Allow",
-# Action = [
-# "sqs:ReceiveMessage",
-# "sqs:DeleteMessage",
-# "sqs:GetQueueAttributes"
-# ],
-# Resource = aws_sqs_queue.walthamforest_etl_queue.arn
-# },
-# {
-# Effect = "Allow",
-# Action = [
-# "ecr:GetDownloadUrlForLayer",
-# "ecr:BatchGetImage",
-# "ecr:BatchCheckLayerAvailability"
-# ],
-# Resource = data.aws_ecr_repository.walthamforest_etl_ecr.arn
-# },
-# {
-# Effect = "Allow",
-# Action = ["ecr:GetAuthorizationToken"],
-# Resource = "*"
-# }
-# ]
-# })
-# }
-
-data "aws_iam_policy" "walthamforest_etl" {
+# IAM policy specific to this Lambda
+resource "aws_iam_policy" "walthamforest_etl_policy" {
 name = "walthamforest_etl-loader-policy"
+
+ policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Action = [
+ "sqs:ReceiveMessage",
+ "sqs:DeleteMessage",
+ "sqs:GetQueueAttributes"
+ ],
+ Resource = aws_sqs_queue.walthamforest_etl_queue.arn
+ },
+ {
+ Effect = "Allow",
+ Action = [
+ "ecr:GetDownloadUrlForLayer",
+ "ecr:BatchGetImage",
+ "ecr:BatchCheckLayerAvailability"
+ ],
+ Resource = data.aws_ecr_repository.walthamforest_etl_ecr.arn
+ },
+ {
+ Effect = "Allow",
+ Action = ["ecr:GetAuthorizationToken"],
+ Resource = "*"
+ }
+ ]
+ })
 }
 
 resource "aws_iam_role_policy_attachment" "walthamforest_etl_policy_attach" {
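Review bot: The new `aws_iam_policy.walthamforest_etl_policy` resource reuses the name `walthamforest_etl-loader-policy` that the removed `data "aws_iam_policy" "walthamforest_etl"` lookup resolved, so a policy of that name presumably already exists in the account and the create will fail unless it is imported into state first; once imported, its document will be overwritten by this one, so the two should be compared before applying. The attachment resource begins on the hunk's last line and its body is outside the hunk; the diffstat shows no further changes, so if its `policy_arn` still reads `data.aws_iam_policy.walthamforest_etl.arn` it now refers to a data source that no longer exists and should become `aws_iam_policy.walthamforest_etl_policy.arn`. The wildcard in the last statement is correct, since `ecr:GetAuthorizationToken` does not support resource-level permissions, and I would document that above the statement with `# ecr:GetAuthorizationToken cannot be scoped to a repository ARN` so the `"*"` is not copied into the other statements later.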