Try this

Author: stevebux

infrastructure/terraform/components/api/lambda_event_source_mapping_forwarder.tf

@@ -0,0 +1,8 @@
+resource "aws_lambda_event_source_mapping" "supplier_events_forwarder" {
+  event_source_arn                   = module.supplier_events_queue.sqs_queue_arn
+  function_name                      = module.supplier_events_forwarder_lambda.function_arn
+  batch_size                         = 10
+  function_response_types = [
+    "ReportBatchItemFailures"
+  ]
+  }

infrastructure/terraform/components/api/module_sqs_letter_updates.tf

@@ -18,30 +18,6 @@ module "sqs_letter_updates" {
 
 data "aws_iam_policy_document" "letter_updates_queue_policy" {
   version = "2012-10-17"
-  statement {
-    sid    = "AllowSNSToSendMessage"
-    effect = "Allow"
-
-    principals {
-      type        = "Service"
-      identifiers = ["sns.amazonaws.com"]
-    }
-
-    actions = [
-      "sqs:SendMessage"
-    ]
-
-    resources = [
-      "arn:aws:sqs:${var.region}:${var.aws_account_id}:${var.project}-${var.environment}-${var.component}-letter-updates-queue"
-    ]
-
-    condition {
-      test     = "ArnEquals"
-      variable = "aws:SourceArn"
-      values   = [module.eventsub.sns_topic.arn]
-    }
-  }
-
   statement {
     sid    = "AllowSNSPermissions"
     effect = "Allow"

infrastructure/terraform/components/api/module_sqs_supplier_events_queue.tf

@@ -16,10 +16,10 @@ module "supplier_events_queue" {
   sqs_policy_overload = data.aws_iam_policy_document.supplier_events_queue_policy.json
 }
 
-data "aws_iam_policy_document" "supplier_events_queue_policy" {
+data "aws_iam_policy_document" "letter_updates_queue_policy" {
   version = "2012-10-17"
   statement {
-    sid    = "AllowSNSToSendSupplierEvents"
+    sid    = "AllowSNSPermissions"
     effect = "Allow"
 
     principals {
@@ -28,17 +28,22 @@ data "aws_iam_policy_document" "supplier_events_queue_policy" {
     }
 
     actions = [
-      "sqs:SendMessage"
+      "sqs:SendMessage",
+      "sqs:ListQueueTags",
+      "sqs:GetQueueUrl",
+      "sqs:GetQueueAttributes",
     ]
 
     resources = [
-      "arn:aws:sqs:${var.region}:${var.aws_account_id}:${var.project}-${var.environment}-${var.component}-supplier-events-queue"
+      "arn:aws:sqs:${var.region}:${var.aws_account_id}:${var.project}-${var.environment}-${var.component}-letter-updates-queue"
     ]
 
     condition {
       test     = "ArnEquals"
       variable = "aws:SourceArn"
-      values   = [module.eventsub.sns_topic_clone.arn]
+      values   = [
+        module.eventsub.sns_topic_clone.arn
+      ]
     }
   }
 }

infrastructure/terraform/components/api/sns_topic_subscription_supplier_events_forwarder_lambda.tf

@@ -4,15 +4,3 @@ resource "aws_sns_topic_subscription" "supplier_events_queue" {
   endpoint             = module.supplier_events_queue.sqs_queue_arn
   raw_message_delivery = false
 }
-
-resource "aws_lambda_event_source_mapping" "supplier_events_forwarder" {
-  event_source_arn                   = module.supplier_events_queue.sqs_queue_arn
-  function_name                      = module.supplier_events_forwarder_lambda.function_arn
-  batch_size                         = 10
-  scaling_config { maximum_concurrency = 10 }
-
-  depends_on = [
-    module.supplier_events_queue,
-    module.supplier_events_forwarder_lambda
-  ]
-}