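# Identity and location of the deploying account; both feed the topic policy below.
data "aws_caller_identity" "this" {}
data "aws_region" "this" {}
# Partition ("aws", "aws-us-gov", "aws-cn") so the topic ARN is not pinned to the commercial partition.
data "aws_partition" "this" {}

locals {
  # The topic's own ARN cannot be referenced from inside its policy (self-reference cycle),
  # so it is assembled from partition, region, account and name. Previously this string was
  # repeated in every statement with the partition hard-coded to "arn:aws".
  sns_topic_arn = "arn:${data.aws_partition.this.partition}:sns:${data.aws_region.this.name}:${data.aws_caller_identity.this.account_id}:${var.sns-topic-name}"
}

# SNS topic with a resource policy that (1) grants full management to the owning account,
# (2) grants publish to one configured sender and (3) denies any non-TLS publish.
resource "aws_sns_topic" "this" {
  name         = var.sns-topic-name
  display_name = var.sns-topic-description
  # Passing null leaves the topic without server-side encryption. When a CMK is given, the
  # publisher presumably also needs kms:GenerateDataKey/kms:Decrypt on that key (key policy),
  # otherwise publishes are rejected — verify against the key's policy.
  kms_master_key_id = var.kms-key-id

  # jsonencode sorts object keys, so the rendered policy does not depend on the order below.
  policy = jsonencode({
    Version = "2008-10-17"
    Id      = "SnsTopicPolicy"
    Statement = [
      {
        # Full topic administration, restricted to requests originating from this account.
        Sid       = "SnsTopicAdmin"
        Effect    = "Allow"
        Principal = { AWS = data.aws_caller_identity.this.account_id }
        Action = [
          "SNS:GetTopicAttributes",
          "SNS:SetTopicAttributes",
          "SNS:AddPermission",
          "SNS:RemovePermission",
          "SNS:DeleteTopic",
          "SNS:Subscribe",
          "SNS:ListSubscriptionsByTopic",
          "SNS:Publish",
          "SNS:Receive",
        ]
        Resource = local.sns_topic_arn
        Condition = {
          StringEquals = { "AWS:SourceOwner" = data.aws_caller_identity.this.account_id }
        }
      },
      {
        # Publish grant for the configured sender. var.sender-type selects the principal
        # kind ("AWS" or "Service") and var.sender is the principal identifier.
        # NOTE(review): this statement has no aws:SourceAccount / aws:SourceArn condition.
        # When var.sender-type is "Service", any resource the service acts for (in any
        # account) can publish here (confused-deputy exposure) — confirm whether a scoping
        # condition should be added for service principals.
        Sid       = "AllowPublishing"
        Effect    = "Allow"
        Principal = { (var.sender-type) = var.sender }
        Action    = "sns:Publish"
        Resource  = local.sns_topic_arn
      },
      {
        # Explicit deny overrides the grants above for any publish made without TLS.
        Sid       = "AllowPublishThroughSSLOnly"
        Effect    = "Deny"
        Principal = "*"
        Action    = "SNS:Publish"
        Resource  = local.sns_topic_arn
        Condition = {
          Bool = { "aws:SecureTransport" = "false" }
        }
      },
    ]
  })
}

# One e-mail subscription per address in var.email-addresses (a set or map of strings).
# Each endpoint must confirm the subscription before it receives messages.
resource "aws_sns_topic_subscription" "this" {
  for_each  = var.email-addresses
  topic_arn = aws_sns_topic.this.arn
  protocol  = "email"
  endpoint  = each.value
}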