k8s-cluster/terraform/testbed/modules/main/sns.tf

module "sns_topic" {
  source           = "../sns_topic"
  create_sns_topic = var.create_sns_module

  policy            = data.aws_iam_policy_document.sns_topic_policy.json
  name              = "${var.prefix}-${var.name_of_topic}"
  kms_master_key_id = module.kms.key_id


}

data "aws_iam_policy_document" "sns_topic_policy" {
  statement {
    sid    = "Policy1"
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = var.principles_for_policy_1
    }
    actions   = ["SNS:Publish"]
    resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]
  }

  statement {
    sid    = "Policy2"
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = var.principles_for_policy_2
    }
    actions   = ["SNS:Publish"]
    resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"

      values = [
        data.aws_caller_identity.current.account_id,
      ]
    }
  }


  statement {
    sid    = "Policy3"
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = var.principles_for_policy_3
    }
    actions   = ["SNS:Publish"]
    resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]

    condition {
      test     = "StringEquals"
      variable = "AWS:Referer"

      values = [
        data.aws_caller_identity.current.account_id,
      ]
    }
  }
}
import from rtg 2024-05-17 22:03:38 -04:00			`module "sns_topic" {`
			`source = "../sns_topic"`
			`create_sns_topic = var.create_sns_module`

			`policy = data.aws_iam_policy_document.sns_topic_policy.json`
			`name = "${var.prefix}-${var.name_of_topic}"`
			`kms_master_key_id = module.kms.key_id`


			`}`

			`data "aws_iam_policy_document" "sns_topic_policy" {`
			`statement {`
			`sid = "Policy1"`
			`effect = "Allow"`
			`principals {`
			`type = "Service"`
			`identifiers = var.principles_for_policy_1`
			`}`
			`actions = ["SNS:Publish"]`
			`resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]`
			`}`

			`statement {`
			`sid = "Policy2"`
			`effect = "Allow"`
			`principals {`
			`type = "Service"`
			`identifiers = var.principles_for_policy_2`
			`}`
			`actions = ["SNS:Publish"]`
			`resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]`
			`condition {`
			`test = "StringEquals"`
			`variable = "AWS:SourceOwner"`

			`values = [`
			`data.aws_caller_identity.current.account_id,`
			`]`
			`}`
			`}`


			`statement {`
			`sid = "Policy3"`
			`effect = "Allow"`
			`principals {`
			`type = "Service"`
			`identifiers = var.principles_for_policy_3`
			`}`
			`actions = ["SNS:Publish"]`
			`resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]`

			`condition {`
			`test = "StringEquals"`
			`variable = "AWS:Referer"`

			`values = [`
			`data.aws_caller_identity.current.account_id,`
			`]`
			`}`
			`}`
			`}`