From 302fa06d86a799bcda850b94c63c1889756a82ce Mon Sep 17 00:00:00 2001
From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com>
Date: Fri, 1 May 2026 14:30:56 +0100
Subject: [PATCH 1/2] CCM-16644: Update Digital Letters reporting rules
 permissions

---
 .../events/cloudwatch_event_rule_digital_letters_reporting.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/infrastructure/terraform/components/events/cloudwatch_event_rule_digital_letters_reporting.tf b/infrastructure/terraform/components/events/cloudwatch_event_rule_digital_letters_reporting.tf
index 0ae078a..d06eeb2 100644
--- a/infrastructure/terraform/components/events/cloudwatch_event_rule_digital_letters_reporting.tf
+++ b/infrastructure/terraform/components/events/cloudwatch_event_rule_digital_letters_reporting.tf
@@ -50,7 +50,7 @@ resource "aws_iam_role_policy" "digital_letters_reporting" {
     Version = "2012-10-17"
     Statement = [{
       Effect   = "Allow"
-      Action   = "sns:Publish"
+      Action   = "SNS:Publish"
       Resource = var.event_target_arns["reporting"]
       },
       {
@@ -64,7 +64,7 @@ resource "aws_iam_role_policy" "digital_letters_reporting" {
         Resource = "arn:aws:kms:${var.region}:${var.reporting_data_cross_account_target.account_id}:key/*"
         Condition = {
           "ForAnyValue:StringEquals" = {
-            "kms:ResourceAliases" = "alias/nhs-${var.reporting_data_cross_account_target.environment}-reporting"
+            "kms:ResourceAliases" = "alias/nhs-notify-${var.reporting_data_cross_account_target.environment}-reporting-events-sns"
           }
         }
     }]

From 583d521038bd898f767df3662839f913595990b1 Mon Sep 17 00:00:00 2001
From: Gareth Allan <157592212+gareth-allan@users.noreply.github.com>
Date: Thu, 14 May 2026 16:48:17 +0100
Subject: [PATCH 2/2] CCM-16644: Update IAM policy for new KMS key name

---
 .../events/cloudwatch_event_rule_digital_letters_reporting.tf   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infrastructure/terraform/components/events/cloudwatch_event_rule_digital_letters_reporting.tf b/infrastructure/terraform/components/events/cloudwatch_event_rule_digital_letters_reporting.tf
index d06eeb2..bd9be7f 100644
--- a/infrastructure/terraform/components/events/cloudwatch_event_rule_digital_letters_reporting.tf
+++ b/infrastructure/terraform/components/events/cloudwatch_event_rule_digital_letters_reporting.tf
@@ -64,7 +64,7 @@ resource "aws_iam_role_policy" "digital_letters_reporting" {
         Resource = "arn:aws:kms:${var.region}:${var.reporting_data_cross_account_target.account_id}:key/*"
         Condition = {
           "ForAnyValue:StringEquals" = {
-            "kms:ResourceAliases" = "alias/nhs-notify-${var.reporting_data_cross_account_target.environment}-reporting-events-sns"
+            "kms:ResourceAliases" = "alias/nhs-notify-${var.reporting_data_cross_account_target.environment}-reporting"
           }
         }
     }]