Skip to content

oozou/terraform-aws-sns

BranchesTags

Repository files navigation

terraform-aws-sns

Usage sns with sqs and email

locals {
  daft_name = format("%s-%s-%s", var.generic_info["prefix"], var.generic_info["environment"], var.generic_info["name"])
  name      = format("%s%s", local.daft_name, false ? ".fifo" : "")
}

module "sns" {
  source = "../terraform-aws-sns"

  prefix       = var.generic_info["prefix"]
  environment  = var.generic_info["environment"]
  name         = var.generic_info["name"]
  display_name = "God of Gor Don" # Default is "", name appear with message; no affect to resource arn

  # https://docs.aws.amazon.com/sns/latest/dg/sns-message-delivery-retries.html
  override_topic_delivery_policy = jsonencode({ # Default is "", use to override defualt topic deliver policy
    http = {
      defaultHealthyRetryPolicy = {
        minDelayTarget     = 10,
        maxDelayTarget     = 10,
        numRetries         = 10,
        numMaxDelayRetries = 0,
        numNoDelayRetries  = 0,
        numMinDelayRetries = 0,
        backoffFunction    = "linear"
      },
      disableSubscriptionOverrides = false,
    }
  })

  # Resource policy for AWS service
  additional_resource_policies = [] # Defautl is [], List of custom resource polciy; [data.aws_iam_policy_document.<name>.json]
  sns_permission_configuration = {  # Defautl is {}
    api_gateway_on_my_account = {
      pricipal = "apigateway.amazonaws.com"
    }
    api_gateway_from_another_account = {
      pricipal       = "apigateway.amazonaws.com"
      source_arn     = "arn:aws:execute-api:ap-southeast-1:557291115693:q6pwa6wgr6/*/*/"
      source_account = "557291115693"
    }
  }

  # Send message to
  subscription_configurations = {
    sqs_from_my_account = {
      protocol = "sqs"
      endpoint = aws_sqs_queue.sqs.arn
    }
    email = {
      protocol        = "email"
      addresses       = ["[email protected]", "[email protected]", "[email protected]"]
      delivery_policy = jsonencode(var.override_topic_delivery_policy)
      filter_policy   = jsonencode(var.dev_filter_polciy)
    }
    email_admin = {
      protocol      = "email"
      addresses     = ["[email protected]"]
      filter_policy = jsonencode(var.admin_filter_polciy)
    }
    connect_to_custom_httpss = {
      protocol = "https"
      endpoint = "https://www.google.com"
    }
  }

  # KMS
  is_enable_encryption = true # Default is true
  is_create_kms        = true # Default is true
  exist_kms_key_arn    = ""   # Default is "", require when is_create_kms is false

  # Message order
  is_fifo_topic                  = false # Default is false
  is_content_based_deduplication = false # Default is false, can change when is_fifo_topic is true

  tags = var.generic_info["custom_tags"]
}

data "aws_iam_policy_document" "sqs_queue_policy" {
  statement {
    sid    = "AllowSendMessageFrom"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    actions = [
      "SQS:SendMessage",
    ]
    resources = [
      # Artifically created by format() string
      format("arn:aws:sqs:%s:%s:%s", data.aws_region.this.name, data.aws_caller_identity.this.account_id, local.name)
    ]
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values = [
        format("arn:aws:sns:%s:%s:%s", data.aws_region.this.name, data.aws_caller_identity.this.account_id, local.name)
      ]
    }
  }
}

resource "aws_sqs_queue" "sqs" {
  name                      = local.name
  policy                    = data.aws_iam_policy_document.sqs_queue_policy.json
  delay_seconds             = 90
  max_message_size          = 2048
  message_retention_seconds = 86400
  receive_wait_time_seconds = 10

  tags = var.generic_info["custom_tags"]
}

resource "aws_sns_topic_subscription" "sns_topic" {
  topic_arn = module.sns.sns_topic_arn
  protocol  = "sqs"
  endpoint  = aws_sqs_queue.sqs.arn
}
  • The above subscription will create with follow configuration
local.subscription = {
  "connect_to_custom_httpss" = {
    "protocol" = "https"
    "endpoint" = "https://www.google.com"
  }
  "email_0" = {
    "delivery_policy" = jsonencode(var.override_topic_delivery_policy)
    "protocol" = "email"
    "endpoint" = "[email protected]"
    "filter_policy" = jsonencode(var.dev_filter_polciy)
    "topic" = "email"
  }
  "email_1" = {
    "delivery_policy" = jsonencode(var.override_topic_delivery_policy)
    "protocol" = "email"
    "endpoint" = "[email protected]"
    "filter_policy" = jsonencode(var.dev_filter_polciy)
    "topic" = "email"
  }
  "email_2" = {
    "delivery_policy" = jsonencode(var.override_topic_delivery_policy)
    "protocol" = "email"
    "endpoint" = "[email protected]"
    "filter_policy" = jsonencode(var.dev_filter_polciy)
    "topic" = "email"
  }
  "email_admin_3" = {
    "protocol" = "email"
    "endpoint" = "[email protected]"
    "filter_policy" = jsonencode(var.admin_filter_polciy)
    "topic" = "email_admin"
  }
}

Requirements

Name Version
terraform >= 1.0.0
aws >= 4.0

Providers

Name Version
aws >= 4.0

Modules

Name Source Version
kms oozou/kms-key/aws 1.0.0

Resources

Name Type
aws_sns_topic.this resource
aws_sns_topic_subscription.this resource
aws_caller_identity.this data source
aws_iam_policy_document.additional_resource_policy data source
aws_iam_policy_document.allow_subscribe_policy data source
aws_iam_policy_document.owner_policy data source
aws_iam_policy_document.this data source
aws_region.this data source

Inputs

Name Description Type Default Required
additional_kms_key_policies Additional IAM policies block, input as data source. Ref: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document list(string) [] no
additional_resource_policies Additional IAM policies block, input as data source. Ref: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document list(string) [] no
application_failure_feedback_role_arn IAM role for failure feedback string null no
application_success_feedback_role_arn The IAM role permitted to receive success feedback for this topic string null no
application_success_feedback_sample_rate Percentage of success to sample string null no
default_deliver_policy The default deliver policy for SNS any 
{
  "http": {
    "defaultHealthyRetryPolicy": {
      "backoffFunction": "linear",
      "maxDelayTarget": 20,
      "minDelayTarget": 20,
      "numMaxDelayRetries": 0,
      "numMinDelayRetries": 0,
      "numNoDelayRetries": 0,
      "numRetries": 3
    },
    "disableSubscriptionOverrides": false
  }
}
 no
display_name The display name for the SNS topic string "" no
environment Environment Variable used as a prefix string n/a yes
exist_kms_key_arn The Amazon Resource Name (ARN) of the key. string "" no
http_failure_feedback_role_arn IAM role for failure feedback string null no
http_success_feedback_role_arn The IAM role permitted to receive success feedback for this topic string null no
http_success_feedback_sample_rate Percentage of success to sample string null no
is_content_based_deduplication Boolean indicating whether or not to enable content-based deduplication for FIFO topics. bool false no
is_create_kms Specifies whether kms will be created by this module or not bool true no
is_enable_encryption Specifies whether the DB instance is encrypted bool true no
is_fifo_topic Boolean indicating whether or not to create a FIFO (first-in-first-out) topic bool false no
lambda_failure_feedback_role_arn IAM role for failure feedback string null no
lambda_success_feedback_role_arn The IAM role permitted to receive success feedback for this topic string null no
lambda_success_feedback_sample_rate Percentage of success to sample string null no
name Name of resource string n/a yes
override_topic_delivery_policy Overide the default deliver policy with jsonencode(map) string "" no
prefix The prefix name of customer to be displayed in AWS console and resource string n/a yes
sns_permission_configuration Enable thing to Publish to this service
principal - (Required) The principal who is getting this permission e.g., s3.amazonaws.com, an AWS account ID, or any valid AWS service principal such as events.amazonaws.com or sns.amazonaws.com.
source_arn - (Optional) When the principal is an AWS service, the ARN of the specific resource within that service to grant permission to. Without this, any resource from
source_account - (Optional) This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner.		 any {} no
sqs_failure_feedback_role_arn IAM role for failure feedback string null no
sqs_success_feedback_role_arn The IAM role permitted to receive success feedback for this topic string null no
sqs_success_feedback_sample_rate Percentage of success to sample string null no
subscription_configurations Subscription infomation any {} no
tags Custom tags which can be passed on to the AWS resources. They should be key value pairs having distinct keys map(any) {} no

Outputs

Name Description
sns_topic_arn ARN of SNS topic
sns_topic_id ID of SNS topic
sns_topic_name NAME of SNS topic
sns_topic_owner OWNER of SNS topic
subscription Debug for subscription information

About

Terraform Component for AWS SNS

Topics

aws terraform aws-sns terraform-module terraform-public-module

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

9 watching

Forks

1 fork
Report repository

Releases 2

v1.0.1 Latest
Sep 16, 2022
+ 1 release

Packages

No packages published

Contributors 5

Languages