
@rock7-gists
Created July 9, 2020 15:11
Copy-and-paste Terraform setup for the Cloudloop SQS routes; it also creates an IAM group that developers can be attached to.
# Cross-account IAM role that the queue policies in this file grant access to.
# The account ID is part of the ARN, so a typo here would hand queue access to
# a different account; check the value against the vendor's current
# documentation before applying.
locals {
  rock7_arn = "arn:aws:iam::902942185257:role/Rock7CustomerSQS"
}
# Queue named "Rock7_MO". In this file the Rock7 role is the sender and the
# developer group is the reader.
# NOTE(review): only the name is set, so encryption at rest, retention and
# dead-letter handling are left to provider/AWS defaults. If a customer-managed
# KMS key is configured later, the cross-account sender will presumably also
# need permissions on that key - confirm before enabling it.
resource "aws_sqs_queue" "cloudloop_sqs_mo" {
  name = "Rock7_MO"
}
# Queue named "Rock7_MT". In this file the developer group is the sender and
# the Rock7 role is the reader (it receives and deletes messages).
# NOTE(review): only the name is set, so encryption at rest, retention and
# dead-letter handling are left to provider/AWS defaults. A customer-managed
# KMS key would presumably require key permissions for the cross-account
# reader as well - confirm before enabling it.
resource "aws_sqs_queue" "cloudloop_sqs_mt" {
  name = "Rock7_MT"
}
# Queue named "Rock7_MT_Confirm". In this file the Rock7 role is the sender
# and the developer group is the reader.
# NOTE(review): only the name is set, so encryption at rest, retention and
# dead-letter handling are left to provider/AWS defaults. A customer-managed
# KMS key would presumably require key permissions for the cross-account
# sender as well - confirm before enabling it.
resource "aws_sqs_queue" "cloudloop_sqs_mt_confirm" {
  name = "Rock7_MT_Confirm"
}
# Attaches the rendered cloudloop_sqs_mo policy document to the Rock7_MO queue
# as its resource policy. aws_sqs_queue exposes the queue URL as `id`.
# This resource owns the queue's whole policy, so any statement added outside
# Terraform is replaced on the next apply.
resource "aws_sqs_queue_policy" "cloudloop_sqs_mo" {
  policy    = data.aws_iam_policy_document.cloudloop_sqs_mo.json
  queue_url = aws_sqs_queue.cloudloop_sqs_mo.id
}
# Resource policy for the MO queue: the Rock7 role may enqueue messages and
# look up the queue URL, nothing else. No receive or delete action is granted,
# so this policy does not let the external role read or remove messages.
# NOTE(review): the statement has no condition block. A separate Deny on
# aws:SecureTransport = "false" is a common way to require TLS; confirm the
# vendor connects over HTTPS before adding one.
data "aws_iam_policy_document" "cloudloop_sqs_mo" {
  statement {
    effect = "Allow" # written out; identical to the default

    actions = [
      "sqs:SendMessage",
      "sqs:GetQueueUrl",
    ]
    resources = [aws_sqs_queue.cloudloop_sqs_mo.arn]

    # Single cross-account principal; no wildcard.
    principals {
      type        = "AWS"
      identifiers = [local.rock7_arn]
    }
  }
}
# Attaches the rendered cloudloop_sqs_mt policy document to the Rock7_MT queue
# as its resource policy. aws_sqs_queue exposes the queue URL as `id`.
# This resource owns the queue's whole policy, so any statement added outside
# Terraform is replaced on the next apply.
resource "aws_sqs_queue_policy" "cloudloop_sqs_mt" {
  policy    = data.aws_iam_policy_document.cloudloop_sqs_mt.json
  queue_url = aws_sqs_queue.cloudloop_sqs_mt.id
}
# Resource policy for the MT queue: the Rock7 role is the consumer. It may
# receive, extend visibility on, and delete messages, and read queue
# attributes and the queue URL. sqs:SendMessage is not granted here, so the
# external role cannot inject messages into this queue through this policy.
# NOTE(review): sqs:DeleteMessage means the external role removes messages
# permanently once it has taken them; anything that must be audited should be
# recorded by the sender. The statement has no condition block; a separate
# Deny on aws:SecureTransport = "false" is a common way to require TLS -
# confirm the vendor connects over HTTPS before adding one.
data "aws_iam_policy_document" "cloudloop_sqs_mt" {
  statement {
    effect = "Allow" # written out; identical to the default

    actions = [
      "sqs:ReceiveMessage",
      "sqs:ChangeMessageVisibility",
      "sqs:DeleteMessage",
      "sqs:GetQueueAttributes",
      "sqs:GetQueueUrl",
    ]
    resources = [aws_sqs_queue.cloudloop_sqs_mt.arn]

    # Single cross-account principal; no wildcard.
    principals {
      type        = "AWS"
      identifiers = [local.rock7_arn]
    }
  }
}
# Attaches the rendered cloudloop_sqs_mt_confirm policy document to the
# Rock7_MT_Confirm queue as its resource policy. aws_sqs_queue exposes the
# queue URL as `id`.
# This resource owns the queue's whole policy, so any statement added outside
# Terraform is replaced on the next apply.
resource "aws_sqs_queue_policy" "cloudloop_sqs_mt_confirm" {
  policy    = data.aws_iam_policy_document.cloudloop_sqs_mt_confirm.json
  queue_url = aws_sqs_queue.cloudloop_sqs_mt_confirm.id
}
# Resource policy for the MT_Confirm queue: the Rock7 role may enqueue
# messages and look up the queue URL, nothing else. No receive or delete
# action is granted, so this policy does not let the external role read or
# remove messages.
# NOTE(review): the statement has no condition block. A separate Deny on
# aws:SecureTransport = "false" is a common way to require TLS; confirm the
# vendor connects over HTTPS before adding one.
data "aws_iam_policy_document" "cloudloop_sqs_mt_confirm" {
  statement {
    effect = "Allow" # written out; identical to the default

    actions = [
      "sqs:SendMessage",
      "sqs:GetQueueUrl",
    ]
    resources = [aws_sqs_queue.cloudloop_sqs_mt_confirm.arn]

    # Single cross-account principal; no wildcard.
    principals {
      type        = "AWS"
      identifiers = [local.rock7_arn]
    }
  }
}
# IAM group for developers who work with the Cloudloop queues. No members are
# attached in this file; membership is managed elsewhere.
# NOTE(review): the group's inline policy allows deleting messages, so keep
# membership limited to people who should be able to consume from the queues.
resource "aws_iam_group" "cloudloop_sqs_developer" {
  name = "CloudloopSQSDeveloper"
}
# Inline policy on the CloudloopSQSDeveloper group, rendered from the
# cloudloop_sqs_developer policy document. No `name` is set, so Terraform
# generates one.
resource "aws_iam_group_policy" "cloudloop_sqs_developer" {
  policy = data.aws_iam_policy_document.cloudloop_sqs_developer.json
  group  = aws_iam_group.cloudloop_sqs_developer.name
}
# Identity policy for the developer group (no principals block: it applies to
# whoever the policy is attached to). It is the counterpart of the queue
# policies: developers read what the Rock7 role writes and write what it reads.
# Actions are scoped to the three queue ARNs; no wildcard resource is used.
# NOTE(review): sqs:GetQueueUrl, sqs:GetQueueAttributes and
# sqs:ChangeMessageVisibility are not granted here, so clients that resolve a
# queue by name or extend visibility timeouts need those from another policy.
data "aws_iam_policy_document" "cloudloop_sqs_developer" {
  # Consume from the two queues the Rock7 role sends to.
  statement {
    effect = "Allow" # written out; identical to the default

    actions = [
      "sqs:ReceiveMessage",
      "sqs:DeleteMessage",
    ]
    resources = [
      aws_sqs_queue.cloudloop_sqs_mo.arn,
      aws_sqs_queue.cloudloop_sqs_mt_confirm.arn,
    ]
  }

  # Produce to the queue the Rock7 role reads from.
  statement {
    effect    = "Allow" # written out; identical to the default
    actions   = ["sqs:SendMessage"]
    resources = [aws_sqs_queue.cloudloop_sqs_mt.arn]
  }
}