CMM-13767: Adding restriction

nhsd-angel-pastor · nhsd-angel-pastor · commit e56af5d55394 · 2026-01-29T15:41:09.000Z
diff --git a/infrastructure/terraform/components/dl/module_sqs_move_scanned_files.tf b/infrastructure/terraform/components/dl/module_sqs_move_scanned_files.tf
@@ -34,5 +34,11 @@ data "aws_iam_policy_document" "sqs_move_scanned_files" {
     resources = [
       "arn:aws:sqs:${var.region}:${var.aws_account_id}:${local.csi}-move-scanned-files-queue"
     ]
+
+    condition {
+      test     = "ArnLike"
+      variable = "aws:SourceArn"
+      values   = [ "arn:aws:events:${var.region}:${var.aws_account_id}:event-bus/${default_cloudwatch_event_bus_name}" ]
+    }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -34,5 +34,11 @@ data "aws_iam_policy_document" "sqs_move_scanned_files" {`
`34`	`34`	`resources = [`
`35`	`35`	`"arn:aws:sqs:${var.region}:${var.aws_account_id}:${local.csi}-move-scanned-files-queue"`
`36`	`36`	`]`
	`37`	`+`
	`38`	`+ condition {`
	`39`	`+ test = "ArnLike"`
	`40`	`+ variable = "aws:SourceArn"`
	`41`	`+ values = [ "arn:aws:events:${var.region}:${var.aws_account_id}:event-bus/${default_cloudwatch_event_bus_name}" ]`
	`42`	`+ }`
`37`	`43`	`}`
`38`	`44`	`}`