forked from terraform-aws-modules/terraform-aws-sns
main.tf
# SNS topic managed by this module.
# count is 0 or 1 depending on var.create_sns_topic, so every reference to the
# topic elsewhere has to index it (aws_sns_topic.this[0]) and only resolves
# when the topic is actually created.
resource "aws_sns_topic" "this" {
  count = var.create_sns_topic ? 1 : 0

  # Identity. The AWS provider treats name and name_prefix as mutually
  # exclusive; NOTE(review): variable defaults are not visible here, so confirm
  # at most one of them is non-null.
  name         = var.name
  name_prefix  = var.name_prefix
  display_name = var.display_name
  tags         = var.tags

  # Resource-based access policy of the topic itself. This is separate from the
  # identity policy in aws_iam_policy.policy; who may publish or subscribe is
  # the union of both, so review them together.
  policy          = var.policy
  delivery_policy = var.delivery_policy

  # Encryption at rest: SSE is configured only when a KMS key id or alias is
  # passed in. NOTE(review): confirm the variable's default; if it is null the
  # topic is created without SSE-KMS.
  kms_master_key_id = var.kms_master_key_id

  # Delivery-status logging, one set per protocol. The *_role_arn values are
  # IAM roles used for writing delivery logs; the sample rate applies to
  # successful deliveries only.
  application_success_feedback_role_arn    = var.application_success_feedback_role_arn
  application_success_feedback_sample_rate = var.application_success_feedback_sample_rate
  application_failure_feedback_role_arn    = var.application_failure_feedback_role_arn

  http_success_feedback_role_arn    = var.http_success_feedback_role_arn
  http_success_feedback_sample_rate = var.http_success_feedback_sample_rate
  http_failure_feedback_role_arn    = var.http_failure_feedback_role_arn

  lambda_success_feedback_role_arn    = var.lambda_success_feedback_role_arn
  lambda_success_feedback_sample_rate = var.lambda_success_feedback_sample_rate
  lambda_failure_feedback_role_arn    = var.lambda_failure_feedback_role_arn

  sqs_success_feedback_role_arn    = var.sqs_success_feedback_role_arn
  sqs_success_feedback_sample_rate = var.sqs_success_feedback_sample_rate
  sqs_failure_feedback_role_arn    = var.sqs_failure_feedback_role_arn
}
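# Identity-based policy granting var.username access to the topic created by
# aws_sns_topic.this. The document is built with jsonencode() instead of a
# hand-written heredoc so Terraform guarantees well-formed JSON and the topic
# ARN is inserted as a value rather than by string interpolation.
#
# NOTE(review): this resource has no count guard, while the topic does. With
# var.create_sns_topic = false, aws_sns_topic.this[0] does not exist and the
# plan fails. Gating this resource (and its attachment) on the same flag
# changes their addresses, so it has to be done for both together.
#
# NOTE(review): the name uses lower(var.name). If callers set only
# var.name_prefix and leave var.name null, lower() is called with null.
# Confirm against the variable defaults.
resource "aws_iam_policy" "policy" {
  name = "access-${lower(var.username)}-${lower(var.name)}-sns"

  # The text says "Full access" although the statement lists eight specific
  # actions. Left unchanged because editing the description forces the policy
  # to be replaced.
  description = "Full access to the resource SNS"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "sns:Publish",
          # ListTopics is an account-level list call without resource-level
          # permissions; scoped to one topic ARN it most likely grants nothing.
          "sns:ListTopics",
          "sns:Unsubscribe",
          "sns:Subscribe",
          "SNS:GetTopicAttributes",
          # Least-privilege review point: SetTopicAttributes lets the user
          # change the topic's own access policy and other attributes such as
          # the encryption key. Keep it only if this user is meant to
          # administer the topic, not merely publish or subscribe.
          "SNS:SetTopicAttributes",
          "SNS:ListSubscriptionsByTopic",
          "sns:ConfirmSubscription",
        ]
        # Scoped to the single topic managed by this module.
        Resource = [
          aws_sns_topic.this[0].arn,
        ]
      },
    ]
  })
}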
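# Attaches the topic access policy to the IAM user named by var.username.
#
# NOTE(review): aws_iam_policy_attachment manages attachments exclusively.
# Any user, role or group that has this policy attached outside this resource
# is detached on the next apply. That is tolerable only while the policy is
# used solely by this module; aws_iam_user_policy_attachment is the
# non-exclusive alternative, but switching changes the resource address and
# needs a state move.
resource "aws_iam_policy_attachment" "policy-attach" {
  name  = "${lower(var.username)}-${lower(var.name)}-attachment"
  users = [var.username]

  # Direct reference; the interpolation-only form "${...}" is deprecated since
  # Terraform 0.12 and evaluates to the same value.
  policy_arn = aws_iam_policy.policy.arn
}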