[PLT-1390] Adding SQS queue policy to alarm-to-slack service.

[jscott-nava]

🎫 Ticket

https://jira.cms.gov/browse/PLT-1390

🛠 Changes

This PR adds an IAM policy to the alarm-to-slack service queue to allow access from SNS.

ℹ️ Context

This change is required in conjunction with the creation of SNS subscriptions to various CloudWatch alarms topics in order to complete the implementation of the alarm-to-slack service.

🧪 Validation

The following plan was applied to the non-prod account:

OpenTofu will perform the following actions:

  # module.sns_to_slack_queue.aws_sqs_queue_policy.this[0] will be created
  + resource "aws_sqs_queue_policy" "this" {
      + id        = (known after apply)
      + policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "SQS:SendMessage"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "sns.amazonaws.com"
                        }
                      + Resource  = "arn:aws:sqs:us-east-1:xxxxxxxxxxxx:bcda-test-alarm-to-slack"
                      + Sid       = "user_updates_sqs_target"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + queue_url = "https://sqs.us-east-1.amazonaws.com/xxxxxxxxxxxx/bcda-test-alarm-to-slack"
      + region    = "us-east-1"
    }

Plan: 1 to add, 0 to change, 0 to destroy.