fix: use role base policy instead of resource for SQS

Author: koneru9999

src/components/QueueLambda.ts

@@ -1,7 +1,6 @@
 import * as aws from '@pulumi/aws'
 import * as pulumi from '@pulumi/pulumi'
-import { LambdaFunctionArgs, LambdaFunction } from './LambdaFunction'
-import { SQSProcessPolicy } from './policies'
+import { LambdaFunction, LambdaFunctionArgs } from './LambdaFunction'
 
 export interface QueueLambdaArgs extends Omit<LambdaFunctionArgs, 'role'> {
   queue: aws.sqs.Queue
@@ -11,26 +10,47 @@ export interface QueueLambdaArgs extends Omit<LambdaFunctionArgs, 'role'> {
 export class QueueLambda extends pulumi.ComponentResource {
   readonly queue: aws.sqs.Queue
   readonly lambda: LambdaFunction
-  readonly queuePolicy: SQSProcessPolicy
 
   constructor(name: string, args: QueueLambdaArgs, opts?: pulumi.ComponentResourceOptions) {
     super('aws:components:QueueLambda', name, args, opts)
     const defaultParentOptions: pulumi.ResourceOptions = { parent: this }
     const { queue, queueBatchSize = 10, environment, ...lambdaArgs } = args
 
-    const sqsPolicyName = `${name}-policy-sqs`
-    this.queuePolicy = new SQSProcessPolicy(sqsPolicyName, { queueArn: queue.arn }, defaultParentOptions)
-
     this.lambda = new LambdaFunction(
       name,
       {
         ...lambdaArgs,
-        policyArns: [...(lambdaArgs.policyArns || []), this.queuePolicy.policy.arn],
         environment
       },
       defaultParentOptions
     )
 
+    const sqsPolicyName = `${name}-policy-sqs`
+    const sqsPolicy = new aws.iam.RolePolicy(
+      sqsPolicyName,
+      {
+        name: sqsPolicyName,
+        policy: {
+          Version: '2012-10-17',
+          Statement: [
+            {
+              Effect: 'Allow',
+              Action: [
+                'sqs:GetQueueUrl',
+                'sqs:ReceiveMessage',
+                'sqs:DeleteMessage',
+                'sqs:GetQueueAttributes',
+                'sqs:ChangeMessageVisibility'
+              ],
+              Resource: [queue.arn]
+            }
+          ]
+        },
+        role: this.lambda.role
+      },
+      { parent: this.lambda }
+    )
+
     queue.onEvent(
       `${name}-queue-event-subscription`,
       this.lambda.lambda,
@@ -43,7 +63,8 @@ export class QueueLambda extends pulumi.ComponentResource {
     this.queue = queue
 
     this.registerOutputs({
-      lambda: { name: this.lambda.lambda.name, arn: this.lambda.lambda.arn }
+      lambda: { name: this.lambda.lambda.name, arn: this.lambda.lambda.arn },
+      queuePolicy: { name: sqsPolicy.name }
     })
   }
 }