I am getting below error upon TF APPLY
**Error:** **setting SQS Queue (https://sqs.eu-central-1.amazonaws.com/xxxxxx/my_test_eu-central-1_sqsqueue) attribute (Policy): InvalidParameterValue: Value sqs:DeleteMessageBatch for parameter ActionName is invalid. Reason: Please refer to the appropriate WSDL for a list of valid actions.**
**Error:** **setting SQS Queue (https://sqs.eu-central-1.amazonaws.com/xxxxxx/my_test_eu-central-1_sqsqueue) attribute (Policy): InvalidParameterValue: Value kms:Decrypt for parameter ActionName is invalid. Reason: Please refer to the appropriate WSDL for a list of valid actions.**
My SQS policy:
> resource "aws_sqs_queue_policy" "sqspolicy" {
> count = "${var.is_enabled ? 1 : 0}"
> queue_url = aws_sqs_queue.sqs_queue.*.id[count.index]
> policy = <<POLICY
> {
> "Version": "2012-10-17",
> "Id": "sqs_policy",
> "Statement": [
> {
> "Sid": "Allow S3 bucket to write to queue",
> "Effect": "Allow",
> "Principal": {
> "Service": "s3.amazonaws.com"
> },
> "Action": "SQS:SendMessage",
> "Resource": "${aws_sqs_queue.sqs_queue.*.arn[count.index]}",
> "Condition": {
> "ArnEquals": {
> "aws:SourceArn": "${module.s3.s3bucket_arn}/*"
> }
> }
> },
> {
> "Sid": "Allow account running HostedFTP software to read from queue",
> "Effect": "Allow",
> "Principal": {
> "AWS": "arn:aws:iam::xxxxxxxxx:root"
> },
> "Action": [
> "SQS:DeleteMessage",
> "sqs:DeleteMessageBatch",
> "SQS:GetQueueAttributes",
> "SQS:ReceiveMessage"
> ],
> "Resource": "${aws_sqs_queue.sqs_queue.*.arn[count.index]}"
> },
> {
> "Sid": "Enable S3 to encrypt messages added to queue",
> "Effect": "Allow",
> "Principal": {
> "Service": "s3.amazonaws.com"
> },
> "Action": [
> "kms:GenerateDataKey",
> "kms:Decrypt"
> ],
> "Resource": "*"
> },
> {
> "Sid": "Enable cross-account access to HostedFTP software",
> "Effect": "Allow",
> "Principal": {
> "AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
> },
> "Action": "kms:Decrypt",
> "Resource": "*"
> }
> ]
> }
> POLICY
> }
Am I missing something? Would this be caused by a TF Provider issue?