Merge pull request #8761 from ministryofjustice/Update_221124_3

Update_221124_3
ministryofjustice · Nov 22, 2024 · c8707a6 · c8707a6
2 parents e354690 + 99d1968
commit c8707a6
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 4 deletions.
diff --git a/terraform/environments/ppud/iam.tf b/terraform/environments/ppud/iam.tf
@@ -1172,15 +1172,34 @@ resource "aws_iam_policy" "iam_policy_for_lambda_cloudwatch_get_metric_data_dev"
   policy = jsonencode({
     "Version" : "2012-10-17",
     "Statement" : [{
+      "Sid" : "CloudwatchMetricPolicy",
       "Effect" : "Allow",
       "Action" : [
-        "cloudwatch:GetMetricData"
+        "cloudwatch:GetMetricData",
+        "cloudwatch:ListMetrics"
       ],
       "Resource" : [
         "arn:aws:ssm:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:*"
       ]
       },
       {
+          "Sid" : "SQSPolicy",
+          "Effect" : "Allow",
+          "Action" : [
+            "sqs:ChangeMessageVisibility",
+            "sqs:DeleteMessage",
+            "sqs:GetQueueAttributes",
+            "sqs:GetQueueUrl",
+            "sqs:ListQueueTags",
+            "sqs:ReceiveMessage",
+            "sqs:SendMessage"
+          ],
+          "Resource" : [
+            "arn:aws:sqs:eu-west-2:${local.environment_management.account_ids["ppud-production"]}:Lambda-Queue-Production"
+          ]
+      },
+      {
+        "Sid" : "SESPolicy",
         "Effect" : "Allow",
         "Action" : [
           "ses:SendEmail"

diff --git a/terraform/environments/ppud/lambda.tf b/terraform/environments/ppud/lambda.tf
@@ -236,11 +236,11 @@ resource "aws_lambda_function" "terraform_lambda_enable_cpu_alarm" {
 
 resource "aws_lambda_permission" "allow_cloudwatch_to_call_lambda_terminate_cpu_process_dev" {
   count         = local.is-development == true ? 1 : 0
-  statement_id  = "AllowExecutionFromCloudWatch"
+  statement_id  = "AllowCloudWatchAccess"
   action        = "lambda:InvokeFunction"
   function_name = aws_lambda_function.terraform_lambda_func_terminate_cpu_process_dev[0].function_name
-  principal     = "lambda.alarms.cloudwatch.amazonaws.com"
-  source_arn    = "arn:aws:cloudwatch:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:alarm:*"
+  principal     = "cloudwatch.amazonaws.com"
+  source_arn    = "arn:aws:cloudwatch:eu-west-2:${local.environment_management.account_ids["ppud-development"]}:*"
 }
 
 resource "aws_lambda_function" "terraform_lambda_func_terminate_cpu_process_dev" {