waiyanwh/sns-delivery-status-logging.tf

## sns-delivery-status-logging.tf
resource "aws_cloudwatch_log_group" "example" {
  name = "example-log-group"
}

resource "aws_iam_policy" "example" {
  name = "example-policy"

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action = "logs:CreateLogStream",
        Resource = "${aws_cloudwatch_log_group.example.arn}/*",
        Effect = "Allow"
      },
      {
        Action = "logs:PutLogEvents",
        Resource = "${aws_cloudwatch_log_group.example.arn}/*",
        Effect = "Allow"
      }
    ]
  })
}

resource "aws_iam_role" "example" {
  name = "example-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action = "sts:AssumeRole",
        Principal = {
          Service = "sns.amazonaws.com"
        },
        Effect = "Allow"
      }
    ]
  })
}

resource "aws_sns_topic" "example" {
  name = "example-topic"

  delivery_policy = jsonencode({
    version = "2010-03-31",
    statement = [
      {
        resource = "${aws_cloudwatch_log_group.example.arn}",
        effect = "Allow",
        principals = {
          type = "Service",
          identifiers = ["sns.amazonaws.com"]
        },
        actions = ["logs:CreateLogStream", "logs:PutLogEvents"]
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "example" {
  role = aws_iam_role.example.name
  policy_arn = aws_iam_policy.example.arn
}
	resource "aws_cloudwatch_log_group" "example" {
	name = "example-log-group"
	}

	resource "aws_iam_policy" "example" {
	name = "example-policy"

	policy = jsonencode({
	Version = "2012-10-17",
	Statement = [
	{
	Action = "logs:CreateLogStream",
	Resource = "${aws_cloudwatch_log_group.example.arn}/*",
	Effect = "Allow"
	},
	{
	Action = "logs:PutLogEvents",
	Resource = "${aws_cloudwatch_log_group.example.arn}/*",
	Effect = "Allow"
	}
	]
	})
	}

	resource "aws_iam_role" "example" {
	name = "example-role"

	assume_role_policy = jsonencode({
	Version = "2012-10-17",
	Statement = [
	{
	Action = "sts:AssumeRole",
	Principal = {
	Service = "sns.amazonaws.com"
	},
	Effect = "Allow"
	}
	]
	})
	}

	resource "aws_sns_topic" "example" {
	name = "example-topic"

	delivery_policy = jsonencode({
	version = "2010-03-31",
	statement = [
	{
	resource = "${aws_cloudwatch_log_group.example.arn}",
	effect = "Allow",
	principals = {
	type = "Service",
	identifiers = ["sns.amazonaws.com"]
	},
	actions = ["logs:CreateLogStream", "logs:PutLogEvents"]
	}
	]
	})
	}

	resource "aws_iam_role_policy_attachment" "example" {
	role = aws_iam_role.example.name
	policy_arn = aws_iam_policy.example.arn
	}