SNS topic (Terraform)
# Exposes the whole topic resource so callers can read its arn, id or name.
output "sns_topic" {
  description = "SNS topic"
  value       = aws_sns_topic.this
}
# The subscription resource uses count, so this is a list: empty when
# var.create_subscription is false, one element otherwise.
output "aws_sns_topic_subscriptions" {
  description = "SNS topic subscriptions"
  value       = aws_sns_topic_subscription.this
}
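# Protocol for the optional subscription; passed straight through to
# aws_sns_topic_subscription.protocol.
variable "subscribers_protocol" {
  description = "Protocol of the subscription created when create_subscription is true (e.g. email, sqs, lambda, https)."
  type        = string
  default     = "email"
}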
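# Endpoint for the optional subscription. The default is an organisation-
# specific address; callers of this module should override it rather than
# rely on it.
variable "subscribers_endpoint" {
  description = "Endpoint of the subscription created when create_subscription is true (its form depends on subscribers_protocol, e.g. an e-mail address or an ARN). Override the default for your own environment."
  type        = string
  default     = "devops@innovatetech.io"
}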
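# Passed through to aws_sns_topic_subscription.endpoint_auto_confirms.
variable "subscribers_endpoint_auto_confirms" {
  description = "Whether the subscription endpoint confirms itself automatically (applies to the optional subscription only)."
  type        = bool
  default     = true
}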
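# Passed through to aws_sns_topic_subscription.raw_message_delivery.
variable "subscribers_raw_message_delivery" {
  description = "Whether to enable raw message delivery on the optional subscription (message delivered without the SNS JSON envelope)."
  type        = bool
  default     = false
}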
# Key used for server-side encryption of the topic. Only takes effect when
# encryption_enabled is true (see locals.kms_key_id).
variable "kms_master_key_id" {
  description = "The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK."
  type        = string
  default     = "alias/aws/sns"
}
# Defaults to false, so the topic is created without a KMS key unless the
# caller opts in.
variable "encryption_enabled" {
  description = "Whether or not to use encryption for SNS Topic. If set to `true` and no custom value for KMS key (kms_master_key_id) is provided, it uses the default `alias/aws/sns` KMS key."
  type        = bool
  default     = false
}
# When non-empty this replaces the generated default topic policy entirely,
# so it must be a complete, valid policy document.
variable "sns_topic_policy_json" {
  description = "The fully-formed AWS policy as JSON"
  type        = string
  default     = ""
}
# Optional; null leaves the topic's delivery policy unset.
variable "delivery_policy" {
  description = "The SNS delivery policy as JSON."
  type        = string
  default     = null
}
# Required. Used verbatim as the topic name; the display name is derived
# from it with dots replaced by hyphens.
variable "name" {
  description = "Name of the sns topic you want to create"
  type        = string
}
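# NOTE: as written, this flag only feeds local.enabled, which in turn only
# gates the KMS key selection; aws_sns_topic.this has no count/for_each, so
# the topic and its policy are created regardless of this value.
variable "enabled" {
  description = "Whether to create the resources. Currently only affects KMS key selection; the topic itself is always created."
  type        = bool
  default     = true
}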
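# Controls the count of aws_sns_topic_subscription.this.
variable "create_subscription" {
  description = "Whether to create a subscription on the topic using the subscribers_* variables."
  type        = bool
  default     = false
}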
# Identity (account id, caller ARN) of the credentials running this
# configuration.
data "aws_caller_identity" "current" {}
locals {
  enabled = var.enabled

  # Encryption is active only when the module is enabled and the caller
  # opted in.
  encryption_active = local.enabled && var.encryption_enabled

  # Key id handed to the topic; an empty string means "no KMS key". An empty
  # kms_master_key_id also yields "" so the topic is never given an empty
  # key reference.
  kms_key_id = local.encryption_active && var.kms_master_key_id != "" ? var.kms_master_key_id : ""
}
# The topic itself. Note there is no count here: var.enabled does not
# prevent creation of the topic.
resource "aws_sns_topic" "this" {
  name = var.name

  # Display names cannot contain dots, so they are swapped for hyphens.
  display_name = replace(var.name, ".", "-")

  # "" when encryption is off (see locals.kms_key_id).
  kms_master_key_id = local.kms_key_id
  delivery_policy   = var.delivery_policy
}
# Optional single subscription; created only when var.create_subscription
# is true (this is independent of var.enabled).
resource "aws_sns_topic_subscription" "this" {
  count = var.create_subscription ? 1 : 0

  topic_arn = aws_sns_topic.this.arn

  # All subscription settings come from the subscribers_* variables.
  protocol               = var.subscribers_protocol
  endpoint               = var.subscribers_endpoint
  endpoint_auto_confirms = var.subscribers_endpoint_auto_confirms
  raw_message_delivery   = var.subscribers_raw_message_delivery
}
# Attaches a resource policy to the topic: the caller-supplied JSON when one
# is given, otherwise the generated default document.
resource "aws_sns_topic_policy" "this" {
  arn = aws_sns_topic.this.arn

  policy = (
    length(var.sns_topic_policy_json) > 0
    ? var.sns_topic_policy_json
    : data.aws_iam_policy_document.aws_sns_topic_policy.json
  )
}
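# Default topic policy used when var.sns_topic_policy_json is empty. It grants
# the usual management and publish actions, but only to principals in the
# account that owns the topic (AWS:SourceOwner), mirroring the policy SNS
# attaches to a topic by default. Without that condition the "*" principal
# lets any AWS account publish to, reconfigure or delete the topic.
data "aws_iam_policy_document" "aws_sns_topic_policy" {
  policy_id = "SNSTopicsPub"

  statement {
    effect = "Allow"

    actions = [
      "SNS:Subscribe",
      "SNS:SetTopicAttributes",
      "SNS:RemovePermission",
      "SNS:Receive",
      "SNS:Publish",
      "SNS:ListSubscriptionsByTopic",
      "SNS:GetTopicAttributes",
      "SNS:DeleteTopic",
      "SNS:AddPermission",
    ]

    resources = [aws_sns_topic.this.arn]

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    # Scope the wildcard principal to this account.
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}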