From fcd5c8771549c3ed1bb8f86381330a8490dc39bc Mon Sep 17 00:00:00 2001
From: Long Nguyen
Date: Tue, 17 Oct 2023 09:26:23 +0700
Subject: [PATCH] [#103] Add the template files for SNS module
---
templates/addons/aws/modules/sns/main.tf | 53 +++++++++++++++++++
templates/addons/aws/modules/sns/outputs.tf | 4 ++
templates/addons/aws/modules/sns/variables.tf | 9 ++++
3 files changed, 66 insertions(+)
create mode 100644 templates/addons/aws/modules/sns/main.tf
create mode 100644 templates/addons/aws/modules/sns/outputs.tf
create mode 100644 templates/addons/aws/modules/sns/variables.tf
diff --git a/templates/addons/aws/modules/sns/main.tf b/templates/addons/aws/modules/sns/main.tf
new file mode 100644
index 00000000..7988668b
--- /dev/null
+++ b/templates/addons/aws/modules/sns/main.tf
@@ -0,0 +1,53 @@
+data "aws_iam_policy_document" "sns_platform_assume_role_policy" {
+ statement {
+ sid = "SnsPlatformAssumeRolePolicy"
+ effect = "Allow"
+ actions = ["sts:AssumeRole"]
+
+ principals {
+ type = "Service"
+ identifiers = ["sns.amazonaws.com"]
+ }
+ }
+}
+
+data "aws_iam_policy_document" "sns_platform_log_policy" {
+ statement {
+ sid = "LogMobilePushNotificationsPolicy"
+ effect = "Allow"
+
+ actions = [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ "logs:PutMetricFilter",
+ "logs:PutRetentionPolicy"
+ ]
+
+ resources = ["*"]
+ }
+}
+
+resource "aws_iam_role" "sns_platform_role" {
+ name = "${var.namespace}-sns-platform-log-role"
+
+ assume_role_policy = data.aws_iam_policy_document.sns_platform_assume_role_policy.json
+}
+
+resource "aws_iam_policy" "sns_platform_log_policy" {
+ name = "${var.namespace}-platform-log-policy"
+ policy = data.aws_iam_policy_document.sns_platform_log_policy.json
+}
+
+resource "aws_iam_role_policy_attachment" "sns_platform_log_policy" {
+ role = aws_iam_role.sns_platform_role.name
+ policy_arn = aws_iam_policy.sns_platform_log_policy.arn
+}
+
+resource "aws_sns_platform_application" "mobile_push_notifications" {
+ name = "${var.namespace}-mobile-push-notifications"
+ platform = "GCM"
+ failure_feedback_role_arn = aws_iam_role.sns_platform_role.arn
+ success_feedback_role_arn = aws_iam_role.sns_platform_role.arn
+ platform_credential = var.firebase_cloud_messaging_api_key
+}
diff --git a/templates/addons/aws/modules/sns/outputs.tf b/templates/addons/aws/modules/sns/outputs.tf
new file mode 100644
index 00000000..314859f0
--- /dev/null
+++ b/templates/addons/aws/modules/sns/outputs.tf
@@ -0,0 +1,4 @@
+output "aws_sns_plaform_mobile_push_notifications_arn" {
+ description = "ARN of SNS Plaform for mobile push notifications"
+ value = aws_sns_platform_application.mobile_push_notifications.arn
+}
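Review bot: In main.tf, the `sns_platform_log_policy` document grants its five `logs:` actions on `resources = ["*"]`, so the role SNS assumes can create groups and change retention or metric filters on every log group in the account, not only the delivery-status ones. Scope it to the groups SNS writes to, e.g. `resources = ["arn:aws:logs:*:*:log-group:sns/*"]` (a constructed pattern; confirm the prefix SNS uses for delivery-status groups in your account before adopting it). The trust statement in `sns_platform_assume_role_policy` also carries no condition; adding an `aws:SourceAccount` condition alongside the `sns.amazonaws.com` principal would limit which account's SNS resources can cause the role to be assumed. Separately, `platform_credential` is written to Terraform state in plaintext, so the state backend needs encryption at rest and restricted read access.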
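Review bot: In outputs.tf, the output name `aws_sns_plaform_mobile_push_notifications_arn` and its description misspell "platform", and once callers reference the output the typo becomes part of the module's interface. Rename it now to `aws_sns_platform_mobile_push_notifications_arn` and change the description to `"ARN of SNS Platform for mobile push notifications"`.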
diff --git a/templates/addons/aws/modules/sns/variables.tf b/templates/addons/aws/modules/sns/variables.tf
new file mode 100644
index 00000000..694f610d
--- /dev/null
+++ b/templates/addons/aws/modules/sns/variables.tf
@@ -0,0 +1,9 @@
+variable "namespace" {
+ description = "The namespace with environment for SNS"
+ type = string
+}
+
+variable "firebase_cloud_messaging_api_key" {
+ description = "Application Platform API key for FCM"
+ type = string
+}
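Review bot: `firebase_cloud_messaging_api_key` carries a credential but is declared without `sensitive = true`, so Terraform will print its value in plan and apply output, including CI logs. Add `sensitive = true` to that variable block. Marking it sensitive only redacts CLI output; the value is still stored in state, so it should be supplied from a secret store or an environment variable rather than a committed tfvars file. A `validation` block rejecting an empty string on both variables would also surface a misconfigured template at plan time.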