# Identity of the credentials Terraform runs with. Its account_id is used as
# the admin principal, in the topic ARN and in the AWS:SourceOwner condition
# of the topic policy below.
data "aws_caller_identity" "this" {}
# Region of the configured provider; used to build the topic ARN that the
# policy statements below name as their Resource.
data "aws_region" "this" {}
# SNS topic with an inline resource policy of three statements:
#   1. SnsTopicAdmin              - management and publish actions for the owning account
#   2. AllowPublishing            - sns:Publish for the principal given by var.sender-type / var.sender
#   3. AllowPublishThroughSSLOnly - denies SNS:Publish to every principal on non-TLS requests
#
# The topic ARN in each Resource is assembled from region, account id and
# var.sns-topic-name because a resource cannot refer to its own `arn` attribute.
# The partition is hard-coded as "aws", so the ARN will not match in other
# partitions (aws-cn, aws-us-gov).
resource "aws_sns_topic" "this" {
  name         = var.sns-topic-name
  display_name = var.sns-topic-description

  # If var.kms-key-id is null the argument is omitted and no key is configured here.
  # NOTE(review): with a customer-managed key, the publisher named in AllowPublishing
  # usually also needs kms:GenerateDataKey* and kms:Decrypt on that key - confirm
  # against the key policy, which is not visible in this file.
  kms_master_key_id = var.kms-key-id

  policy = jsonencode({
    # Older policy-language version; this policy uses no policy variables.
    Version = "2008-10-17"
    Id      = "SnsTopicPolicy"

    Statement = [
      {
        Sid    = "SnsTopicAdmin"
        Effect = "Allow"

        # Bare account id as the AWS principal, i.e. the owning account.
        Principal = {
          AWS = data.aws_caller_identity.this.account_id
        }

        Action = [
          "SNS:GetTopicAttributes",
          "SNS:SetTopicAttributes",
          "SNS:AddPermission",
          "SNS:RemovePermission",
          "SNS:DeleteTopic",
          "SNS:Subscribe",
          "SNS:ListSubscriptionsByTopic",
          "SNS:Publish",
          "SNS:Receive"
        ]

        Resource = "arn:aws:sns:${data.aws_region.this.name}:${data.aws_caller_identity.this.account_id}:${var.sns-topic-name}"

        # NOTE(review): AWS:SourceOwner appears to be treated as a legacy key in the
        # SNS documentation, superseded by aws:SourceAccount / aws:SourceArn - confirm.
        Condition = {
          StringEquals = {
            "AWS:SourceOwner" = data.aws_caller_identity.this.account_id
          }
        }
      },
      {
        Sid    = "AllowPublishing"
        Effect = "Allow"

        # Principal type (the key) and value are both caller-supplied.
        # NOTE(review): this statement carries no Condition. When var.sender-type is
        # "Service", the grant is not tied to a source account or resource; scoping it
        # with aws:SourceAccount or aws:SourceArn is the usual confused-deputy
        # mitigation. A var.sender of "*" would open publishing to any principal.
        # Consider validating both variables where they are declared.
        Principal = {
          (var.sender-type) = var.sender
        }

        Action   = "sns:Publish"
        Resource = "arn:aws:sns:${data.aws_region.this.name}:${data.aws_caller_identity.this.account_id}:${var.sns-topic-name}"
      },
      {
        Sid       = "AllowPublishThroughSSLOnly"
        Effect    = "Deny"
        Principal = "*"
        Action    = "SNS:Publish"
        Resource  = "arn:aws:sns:${data.aws_region.this.name}:${data.aws_caller_identity.this.account_id}:${var.sns-topic-name}"

        # Matches requests that did not arrive over TLS. Only Publish is covered;
        # other actions are not denied by this statement.
        Condition = {
          Bool = {
            "aws:SecureTransport" = "false"
          }
        }
      }
    ]
  })
}
# One e-mail subscription to the topic per entry in var.email-addresses.
# NOTE(review): for_each needs a set or map; the variable's declared type is not
# visible in this file - confirm.
# E-mail subscriptions stay pending until the recipient confirms them, and
# delivered messages leave AWS as ordinary e-mail, outside the topic's KMS
# encryption, so notifications sent here should not carry secrets.
resource "aws_sns_topic_subscription" "this" {
  for_each = var.email-addresses

  protocol  = "email"
  endpoint  = each.value
  topic_arn = aws_sns_topic.this.arn
}