diff --git a/terraform/aws/analytical-platform-development/control-panel-message-broker/data.tf b/terraform/aws/analytical-platform-development/control-panel-message-broker/data.tf
index 7d0402ea17..dc86384272 100644
--- a/terraform/aws/analytical-platform-development/control-panel-message-broker/data.tf
+++ b/terraform/aws/analytical-platform-development/control-panel-message-broker/data.tf
@@ -1,7 +1,6 @@
-data "aws_iam_policy_document" "sqs_policy" {
+data "aws_iam_policy_document" "source" {
 statement {
 sid = "InboundManagementSqsMessages"
-
 actions = [
 "sqs:GetQueueAttributes",
 "sqs:GetQueueUrl",
@@ -10,9 +9,29 @@ data "aws_iam_policy_document" "sqs_policy" {
 "sqs:SendMessage"
 ]
+ resources = ["*"]
+
 principals {
 type = "AWS"
 identifiers = [local.control_panel_api_arn]
 }
 }
 }
+data "aws_iam_policy_document" "sqs_iam" {
+ source_policy_documents = [data.aws_iam_policy_document.source.json]
+ statement {
+ resources = [aws_sqs_queue.iam.arn]
+ }
+}
+data "aws_iam_policy_document" "sqs_s3" {
+ source_policy_documents = [data.aws_iam_policy_document.source.json]
+ statement {
+ resources = [aws_sqs_queue.s3.arn]
+ }
+}
+data "aws_iam_policy_document" "sqs_auth" {
+ source_policy_documents = [data.aws_iam_policy_document.source.json]
+ statement {
+ resources = [aws_sqs_queue.auth.arn]
+ }
+}
diff --git a/terraform/aws/analytical-platform-development/control-panel-message-broker/iam-policies.tf b/terraform/aws/analytical-platform-development/control-panel-message-broker/iam-policies.tf
index 6e1223f0ef..3bbc4d3a74 100644
--- a/terraform/aws/analytical-platform-development/control-panel-message-broker/iam-policies.tf
+++ b/terraform/aws/analytical-platform-development/control-panel-message-broker/iam-policies.tf
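Review bot: The per-queue documents `sqs_iam`, `sqs_s3` and `sqs_auth` in the second hunk do not narrow the shared statement: their `statement` block carries no `sid`, so it is appended next to the `source` statement rather than replacing it, and the policy each queue ends up with still contains the `resources = ["*"]` added to `source` plus a second statement that has a Resource but no Action and no Principal, which I would expect SQS to reject as an invalid queue policy (confirm with a plan/apply). Statement replacement in `aws_iam_policy_document` keys on a matching `sid`, and as far as I know it replaces the whole statement rather than merging fields, so a per-queue statement that overrides `InboundManagementSqsMessages` would have to restate the actions and principals anyway. Since the three documents differ only in the queue ARN, one document with `for_each` over the queues keeps every statement scoped to its own queue and removes the wildcard; `iam-policies.tf` would then reference `data.aws_iam_policy_document.sqs["s3"].json` and so on (name `sqs` is a placeholder of my choosing).
```hcl
data "aws_iam_policy_document" "sqs" {
  for_each = {
    iam  = aws_sqs_queue.iam.arn
    s3   = aws_sqs_queue.s3.arn
    auth = aws_sqs_queue.auth.arn
  }

  statement {
    sid = "InboundManagementSqsMessages"
    # … unchanged: actions list from the existing statement …
    resources = [each.value]

    principals {
      type        = "AWS"
      identifiers = [local.control_panel_api_arn]
    }
  }
}
```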
@@ -1,14 +1,14 @@
 resource "aws_sqs_queue_policy" "s3" {
 queue_url = aws_sqs_queue.s3.id
- policy = data.aws_iam_policy_document.sqs_policy.json
+ policy = data.aws_iam_policy_document.sqs_s3.json
 }
 resource "aws_sqs_queue_policy" "iam" {
 queue_url = aws_sqs_queue.iam.id
- policy = data.aws_iam_policy_document.sqs_policy.json
+ policy = data.aws_iam_policy_document.sqs_iam.json
 }
 resource "aws_sqs_queue_policy" "auth" {
 queue_url = aws_sqs_queue.auth.id
- policy = data.aws_iam_policy_document.sqs_policy.json
+ policy = data.aws_iam_policy_document.sqs_auth.json
 }