chore(permission): narrow down sqs-sns (#39)

Co-authored-by:  Michael Samuel <sq-msamuel@users.noreply.github.com>

Author: iru

modules/infrastructure/sqs-sns-subscription/main.tf

@@ -23,6 +23,11 @@ data "aws_iam_policy_document" "this" {
       identifiers = ["sns.amazonaws.com"]
       type        = "Service"
     }
+    condition {
+      test     = "ArnEquals"
+      variable = "aws:SourceArn"
+      values   = [var.sns_topic_arn]
+    }
     actions = [
       "sqs:SendMessage",
       "sqs:SendMessageBatch"