From e29d53aaed885f47ab628809a4bde0cd44767442 Mon Sep 17 00:00:00 2001
From: Mathew Beales <44901249+matbeales@users.noreply.github.com>
Date: Wed, 7 Aug 2024 15:03:40 +0100
Subject: [PATCH] fix(terraform): vol5223 add iam policy statement to allow
 eventbridge (#221)

* fix(terraform): vol5223 add iam policy statement to allow eventbridge to kick off batch jobs

* docs: update Terraform docs

* fix(terraform): vol5223 fix formatting

* fix(terraform): vol5223 fix format of eventbridge iam policy

* docs: update Terraform docs

* fix(terraform): vol5223 fix format of eventbridge iam policy

* fix(terraform): vol5223 fix format of eventbridge iam policy

* docs: update Terraform docs

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
---
 infra/terraform/modules/service/batch.tf | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/infra/terraform/modules/service/batch.tf b/infra/terraform/modules/service/batch.tf
index 9c1decbd6c..fe4579b50f 100644
--- a/infra/terraform/modules/service/batch.tf
+++ b/infra/terraform/modules/service/batch.tf
@@ -130,8 +130,20 @@ module "eventbridge" {
   source  = "terraform-aws-modules/eventbridge/aws"
   version = "~> 3.7"
 
-  create_bus  = false
-  create_role = true
+  create_bus = false
+
+  create_role              = true
+  role_name                = "vol-app-${var.environment}-batch-scheduler"
+  attach_policy_statements = true
+  policy_statements = {
+    batch = {
+      effect = "Allow"
+      actions = [
+        "batch:SubmitJob"
+      ]
+      resources = [for job in module.batch.job_definitions : job.arn]
+    }
+  }
 
   schedules = local.schedules
 }