updating sqs perms and triggers

ministryofjustice · Jan 2, 2025 · c0b4a29 · c0b4a29
1 parent d4bfedc
commit c0b4a29
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 7 deletions.
diff --git a/terraform/environments/electronic-monitoring-data/lambda_triggers.tf b/terraform/environments/electronic-monitoring-data/lambda_triggers.tf
@@ -3,16 +3,16 @@
 # ---------------------------------------
 resource "aws_sns_topic_subscription" "live_serco_fms_sns_subscription" {
   topic_arn = aws_sns_topic.live_serco_fms_s3_events.arn
-  protocol  = "lambda"
-  endpoint  = module.format_json_fms_data.lambda_function_arn
+  protocol  = "sqs"
+  endpoint  = module.format_json_fms_data.lambda_dlq_arn
 }
 
 resource "aws_lambda_permission" "live_serco_fms_with_sns" {
   statement_id  = "LiveServcoFMSLambdaAllowExecutionFromSNS"
   action        = "lambda:InvokeFunction"
   function_name = module.format_json_fms_data.lambda_function_name
   principal     = "sns.amazonaws.com"
-  source_arn    = aws_sns_topic.live_serco_fms_s3_events.arn
+  source_arn    = module.format_json_fms_data.lambda_dlq_arn
 }
 
 
@@ -21,14 +21,14 @@ resource "aws_lambda_permission" "live_serco_fms_with_sns" {
 # ---------------------------------------
 resource "aws_sns_topic_subscription" "historic_sns_subscription" {
   topic_arn = aws_sns_topic.historic_s3_events.arn
-  protocol  = "lambda"
-  endpoint  = module.calculate_checksum.lambda_function_arn
+  protocol  = "sqs"
+  endpoint  = module.calculate_checksum.lambda_dlq_arn
 }
 
 resource "aws_lambda_permission" "historic_with_sns" {
   statement_id  = "ChecksumLambdaAllowExecutionFromHistoricDataSNS"
   action        = "lambda:InvokeFunction"
   function_name = module.calculate_checksum.lambda_function_name
   principal     = "sns.amazonaws.com"
-  source_arn    = aws_sns_topic.historic_s3_events.arn
+  source_arn    = module.calculate_checksum.lambda_dlq_arn
 }
diff --git a/terraform/environments/electronic-monitoring-data/modules/lambdas/main.tf b/terraform/environments/electronic-monitoring-data/modules/lambdas/main.tf
@@ -80,7 +80,10 @@ data "aws_iam_policy_document" "lambda_dlq_policy" {
     actions = [
       "sqs:SendMessage",
       "sqs:GetQueueAttributes",
-      "sqs:GetQueueUrl"
+      "sqs:GetQueueUrl",
+      "sqs:ReceiveMessage",
+      "sqs:DeleteMessage",
+      "sqs:ChangeMessageVisibility"
     ]
     resources = [aws_sqs_queue.lambda_dlq.arn]
   }

diff --git a/terraform/environments/electronic-monitoring-data/modules/lambdas/output.tf b/terraform/environments/electronic-monitoring-data/modules/lambdas/output.tf
@@ -9,3 +9,7 @@ output "lambda_function_arn" {
 output "lambda_function_invoke_arn" {
   value = aws_lambda_function.this.invoke_arn
 }
+
+output "lambda_function_dlq_arn" {
+  value = aws_sqs_queue.lambda_dlq.arn
+}