Chore: [AEA-3831] - Add lambda execution policy (#70)

## Summary
- Routine Change

### Details
- Adds a lambda execution policy for the FHIR Validator

Author: Orkastrated

SAMtemplates/lambda_resources.yaml

@@ -25,6 +25,10 @@ Parameters:
   LambdaName:
     Type: String
     Description: Name of lambda we are creating for
+  LambdaArn:
+    Type: String
+    Description: Arn of lambda we are creating resources for.
+    Default: none
   LogRetentionDays:
     Type: Number
     Description: How long to keep logs for
@@ -58,6 +62,18 @@ Conditions:
   ShouldUseSplunk: !Equals [true, !Ref EnableSplunk]
 
 Resources:
+  ExecuteLambdaManagedPolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Action:
+              - lambda:InvokeFunction
+            Resource:
+              - !Sub ${LambdaArn}:*
+
   LambdaRole:
     Type: "AWS::IAM::Role"
     Properties:
@@ -105,6 +121,11 @@ Resources:
       DestinationArn: !Ref SplunkDeliveryStream
 
 Outputs:
+  ExecuteLambdaPolicyArn:
+    Description: Lambda execution policy arn
+    Value: !GetAtt ExecuteLambdaManagedPolicy.PolicyArn
+    Export:
+      Name: !Join [":", [!Ref "AWS::StackName", "FHIRValidatorUKCoreExecuteLambdaPolicyArn"]]
   LambdaRoleArn:
     Description: "LambdaRole ARN"
     Value: !GetAtt LambdaRole.Arn

SAMtemplates/main_template.yaml

@@ -49,6 +49,7 @@ Resources:
         SplunkDeliveryStream: !ImportValue lambda-resources:SplunkDeliveryStream
         EnableSplunk: "true"
         LambdaName: !Sub "${AWS::StackName}-FHIRValidatorUKCore"
+        LambdaArn: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${AWS::StackName}-FHIRValidatorUKCore
         LogRetentionDays: !Ref LogRetentionDays
 
   FHIRValidatorUKCore: