Merge pull request #293 from communitiesuk/bau/assessment-import-queue

Explicitly allow access to read/delete from queue
communitiesuk · Nov 25, 2024 · 654a096 · 654a096
2 parents ba91d17 + b7270c2
commit 654a096
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/copilot/fsd-notification/addons/notification-queue-policy.yml b/copilot/fsd-notification/addons/notification-queue-policy.yml
@@ -0,0 +1,30 @@
+Parameters:
+  App:
+    Type: String
+    Description: Your application's name.
+  Env:
+    Type: String
+    Description: The environment name your service, job, or workflow is being deployed to.
+  Name:
+    Type: String
+    Description: The name of the service, job, or workflow being deployed.
+
+Resources:
+  NotificationQueuePolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      PolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Sid: NotificationQueuePolicy
+            Effect: Allow
+            Action:
+              - sqs:ReceiveMessage
+              - sqs:DeleteMessage
+            Resource:
+              - Fn::ImportValue: !Sub ${App}-${Env}-NotificationQueueArn
+
+Outputs:
+  NotificationQueuePolicyArn:
+    Description: "The ARN of the ManagedPolicy to attach to the task role."
+    Value: !Ref NotificationQueuePolicy