Created
March 22, 2023 07:52
sns topic terraform
# Exposes the whole aws_sns_topic.this object, i.e. every attribute of the
# topic rather than only its ARN.
output "sns_topic" {
  description = "SNS topic"
  value       = aws_sns_topic.this
}
# Exposes every instance of aws_sns_topic_subscription.this. The resource is
# declared with count, so this is a list that is empty when no subscription
# is created. Each element includes the subscription's endpoint value, so
# anything consuming this output also sees that address.
output "aws_sns_topic_subscriptions" {
  description = "SNS topic subscriptions"
  value       = aws_sns_topic_subscription.this
}
# Delivery protocol passed to the optional topic subscription.
variable "subscribers_protocol" {
  default = "email"
  type    = string
}

# Destination passed to the optional topic subscription.
# NOTE(review): the default is a fixed mailbox baked into the module. Turning
# on create_subscription without overriding this delivers the topic's messages
# to that address; callers should always pass their own endpoint.
variable "subscribers_endpoint" {
  default = "devops@innovatetech.io"
  type    = string
}

# Forwarded to the subscription's endpoint_auto_confirms argument.
# NOTE(review): defaults to true while the default protocol is "email"; email
# subscriptions are confirmed by the recipient, so confirm that this default
# is intended rather than left over from an HTTP(S) endpoint setup.
variable "subscribers_endpoint_auto_confirms" {
  default = true
  type    = bool
}

# Forwarded to the subscription's raw_message_delivery argument.
variable "subscribers_raw_message_delivery" {
  default = false
  type    = bool
}
# KMS key used for server-side encryption of the topic when encryption is on.
# NOTE(review): the default is the AWS-managed SNS key. Its key policy cannot
# be edited, so AWS service publishers that need their own kms permissions on
# the key generally require a customer-managed key instead; verify against the
# publishers this topic is meant to serve.
variable "kms_master_key_id" {
  description = "The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK."
  default     = "alias/aws/sns"
  type        = string
}

# Switch for server-side encryption of the topic.
# NOTE(review): encryption is opt-in. With the default of false the topic is
# created without a KMS key, so messages are stored unencrypted at rest unless
# the caller sets this to true.
variable "encryption_enabled" {
  description = "Whether or not to use encryption for SNS Topic. If set to `true` and no custom value for KMS key (kms_master_key_id) is provided, it uses the default `alias/aws/sns` KMS key."
  default     = false
  type        = bool
}
# Caller-supplied access policy for the topic. When this is a non-empty string
# it is attached as-is and the module's own generated policy document is not
# used; an empty string (the default) selects the generated document.
variable "sns_topic_policy_json" {
  description = "The fully-formed AWS policy as JSON"
  default     = ""
  type        = string
}

# Optional delivery policy forwarded to the topic; null leaves it unset.
variable "delivery_policy" {
  description = "The SNS delivery policy as JSON."
  default     = null
  type        = string
}
# Topic name; required, since no default is declared.
variable "name" {
  description = "Name of the sns topic you want to create"
  type        = string
}

# NOTE(review): none of the resources shown in this module derive count or
# for_each from this flag; it is only copied into a local. Setting it to false
# therefore does not stop the topic or its policy from being created.
variable "enabled" {
  description = "either to create or not create resource"
  default     = true
  type        = bool
}

# Controls whether the single topic subscription is created (count 1 or 0).
variable "create_subscription" {
  description = "either to create subscription for that particular resource or not"
  default     = false
  type        = bool
}
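# Identity (account, ARN, user id) of the credentials Terraform runs with.
data "aws_caller_identity" "current" {}

locals {
  # Kept for compatibility with any expression that reads local.enabled.
  enabled = var.enabled

  # KMS key for the topic, or "" to leave server-side encryption off.
  #
  # Two fixes over the previous expression:
  #  - It no longer depends on var.enabled. The topic resource is created
  #    regardless of that flag, so gating the key on it produced an
  #    unencrypted topic when enabled = false and encryption_enabled = true.
  #  - An empty or null kms_master_key_id now falls back to the AWS-managed
  #    SNS key, as the encryption_enabled description promises, instead of
  #    silently turning encryption off. coalesce() skips both null and "".
  kms_key_id = var.encryption_enabled ? coalesce(var.kms_master_key_id, "alias/aws/sns") : ""
}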
# The SNS topic itself. It has no count/for_each, so it is always created.
resource "aws_sns_topic" "this" {
  name = var.name

  # Display name is the topic name with every "." replaced by "-".
  display_name = replace(var.name, ".", "-")

  delivery_policy = var.delivery_policy

  # An empty value here means the topic has no server-side encryption.
  kms_master_key_id = local.kms_key_id
}
# Optional single subscription on the topic; created only when
# var.create_subscription is true.
resource "aws_sns_topic_subscription" "this" {
  count = var.create_subscription ? 1 : 0

  topic_arn = aws_sns_topic.this.arn
  endpoint  = var.subscribers_endpoint
  protocol  = var.subscribers_protocol

  raw_message_delivery   = var.subscribers_raw_message_delivery
  endpoint_auto_confirms = var.subscribers_endpoint_auto_confirms
}
# Attaches an access policy to the topic. A non-empty sns_topic_policy_json
# from the caller is used verbatim and replaces the generated document
# entirely; otherwise the module's own policy document is attached.
resource "aws_sns_topic_policy" "this" {
  arn = aws_sns_topic.this.arn

  policy = (
    length(var.sns_topic_policy_json) == 0
    ? data.aws_iam_policy_document.aws_sns_topic_policy.json
    : var.sns_topic_policy_json
  )
}
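# Default access policy for the topic, used when the caller does not supply
# sns_topic_policy_json.
#
# The statement keeps the wildcard principal but is now scoped to the owning
# account through an AWS:SourceOwner condition, which is the shape of the
# policy SNS itself attaches to a new topic. Without that condition the
# statement allowed any AWS principal in any account to publish, subscribe,
# rewrite the policy (AddPermission / SetTopicAttributes) or delete the topic.
#
# Cross-account or AWS-service publishers are intentionally not covered here;
# grant them with an explicit, narrowly scoped statement passed through
# sns_topic_policy_json.
data "aws_iam_policy_document" "aws_sns_topic_policy" {
  policy_id = "SNSTopicsPub"

  statement {
    effect = "Allow"

    actions = [
      "SNS:Subscribe",
      "SNS:SetTopicAttributes",
      "SNS:RemovePermission",
      "SNS:Receive",
      "SNS:Publish",
      "SNS:ListSubscriptionsByTopic",
      "SNS:GetTopicAttributes",
      "SNS:DeleteTopic",
      "SNS:AddPermission",
    ]

    resources = [aws_sns_topic.this.arn]

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    # Restrict the wildcard principal to the account that owns the topic.
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}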