swade1987/gist:c80cef29079255f052099ca232c0d96c Secret

## gistfile1.txt
# Create an SNS topic (and corresponding policy)

resource "aws_sns_topic" "this" {
  name_prefix       = "${var.database_name}-rds-threshold-alerts"
  kms_master_key_id = module.sns_encryption_key.key_arn
}

resource "aws_sns_topic_policy" "this" {
  arn    = aws_sns_topic.this.arn
  policy = data.aws_iam_policy_document.sns_topic_policy.json
}

data "aws_iam_policy_document" "sns_topic_policy" {
  policy_id = "__default_policy_ID"

  statement {
    sid = "__default_statement_ID"

    actions = [
      "SNS:Subscribe",
      "SNS:SetTopicAttributes",
      "SNS:RemovePermission",
      "SNS:Receive",
      "SNS:Publish",
      "SNS:ListSubscriptionsByTopic",
      "SNS:GetTopicAttributes",
      "SNS:DeleteTopic",
      "SNS:AddPermission",
    ]

    effect    = "Allow"
    resources = [aws_sns_topic.this.arn]

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"

      values = [
        data.aws_caller_identity.default.account_id,
      ]
    }
  }

  statement {
    sid       = "Allow CloudwatchEvents"
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.this.arn]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }
  }

  statement {
    sid       = "Allow RDS Event Notification"
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.this.arn]

    principals {
      type        = "Service"
      identifiers = ["rds.amazonaws.com"]
    }
  }
}

# Create an RDS event subscription

resource "aws_db_event_subscription" "default" {
  name_prefix = "${var.database_name}-rds-event-sub"
  sns_topic   = aws_sns_topic.this.arn

  source_type = "db-instance"
  source_ids = [
  var.database_instance_id]

  event_categories = [
    "availability",
    "creation",
    "failover",
    "failure",
    "low storage",
    "maintenance",
    "notification",
    "recovery",
  ]

  depends_on = [aws_sns_topic_policy.this]
}
	# Create an SNS topic (and corresponding policy)

	resource "aws_sns_topic" "this" {
	name_prefix = "${var.database_name}-rds-threshold-alerts"
	kms_master_key_id = module.sns_encryption_key.key_arn
	}

	resource "aws_sns_topic_policy" "this" {
	arn = aws_sns_topic.this.arn
	policy = data.aws_iam_policy_document.sns_topic_policy.json
	}

	data "aws_iam_policy_document" "sns_topic_policy" {
	policy_id = "__default_policy_ID"

	statement {
	sid = "__default_statement_ID"

	actions = [
	"SNS:Subscribe",
	"SNS:SetTopicAttributes",
	"SNS:RemovePermission",
	"SNS:Receive",
	"SNS:Publish",
	"SNS:ListSubscriptionsByTopic",
	"SNS:GetTopicAttributes",
	"SNS:DeleteTopic",
	"SNS:AddPermission",
	]

	effect = "Allow"
	resources = [aws_sns_topic.this.arn]

	principals {
	type = "AWS"
	identifiers = ["*"]
	}

	condition {
	test = "StringEquals"
	variable = "AWS:SourceOwner"

	values = [
	data.aws_caller_identity.default.account_id,
	]
	}
	}

	statement {
	sid = "Allow CloudwatchEvents"
	actions = ["sns:Publish"]
	resources = [aws_sns_topic.this.arn]

	principals {
	type = "Service"
	identifiers = ["events.amazonaws.com"]
	}
	}

	statement {
	sid = "Allow RDS Event Notification"
	actions = ["sns:Publish"]
	resources = [aws_sns_topic.this.arn]

	principals {
	type = "Service"
	identifiers = ["rds.amazonaws.com"]
	}
	}
	}

	# Create an RDS event subscription

	resource "aws_db_event_subscription" "default" {
	name_prefix = "${var.database_name}-rds-event-sub"
	sns_topic = aws_sns_topic.this.arn

	source_type = "db-instance"
	source_ids = [
	var.database_instance_id]

	event_categories = [
	"availability",
	"creation",
	"failover",
	"failure",
	"low storage",
	"maintenance",
	"notification",
	"recovery",
	]

	depends_on = [aws_sns_topic_policy.this]
	}