# Resource policy attached to the SNS topic created below. Every statement is an
# Allow for SNS:Publish on this one topic; the principals are service principals
# supplied through variables, so whoever sets those variables decides which AWS
# services may publish here.
#
# The topic ARN is assembled from var.aws_region, the caller's account id and the
# same "${var.prefix}-${var.name_of_topic}" name the module receives, so the two
# must stay in sync. The literal "arn:aws:" prefix targets the standard partition
# only (not aws-cn / aws-us-gov).
data "aws_iam_policy_document" "sns_topic_policy" {

  # Policy1: unconditional grant. No source-account or source-ARN condition is
  # applied, so any principal listed in var.principles_for_policy_1 may publish
  # regardless of which account the originating resource lives in (the classic
  # cross-account confused-deputy exposure for service principals).
  # NOTE(review): consider scoping with aws:SourceAccount / aws:SourceArn if the
  # listed services populate those keys — confirm per service before tightening.
  statement {
    sid       = "Policy1"
    effect    = "Allow"
    actions   = ["SNS:Publish"]
    resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]

    principals {
      type        = "Service"
      identifiers = var.principles_for_policy_1
    }
  }

  # Policy2: same grant, but limited to requests whose SNS-specific
  # AWS:SourceOwner matches this account, i.e. only resources owned by the
  # deploying account can trigger a publish through these services.
  statement {
    sid       = "Policy2"
    effect    = "Allow"
    actions   = ["SNS:Publish"]
    resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]

    principals {
      type        = "Service"
      identifiers = var.principles_for_policy_2
    }

    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }

  # Policy3: same grant, conditioned on the AWS:Referer key.
  # NOTE(review): aws:Referer carries the HTTP Referer header, which the caller
  # controls and which AWS documents as unsuitable for authorization decisions;
  # comparing it against an account id also looks unlikely to match for
  # service-to-service calls, so this statement may either never apply or be
  # satisfiable by a forged header. It reads as if aws:SourceAccount was
  # intended — confirm with the owner before changing, since that alters who
  # can publish. Reproduced as written here.
  statement {
    sid       = "Policy3"
    effect    = "Allow"
    actions   = ["SNS:Publish"]
    resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]

    principals {
      type        = "Service"
      identifiers = var.principles_for_policy_3
    }

    condition {
      test     = "StringEquals"
      variable = "AWS:Referer"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

# The topic itself, built by the sibling ../sns_topic module.
#   - creation is gated on var.create_sns_module
#   - the name must equal the one used in the policy ARN above
#   - server-side encryption uses the key exposed by module.kms
#   - the rendered JSON of the policy document above is attached as the topic policy
module "sns_topic" {
  source = "../sns_topic"

  create_sns_topic  = var.create_sns_module
  name              = "${var.prefix}-${var.name_of_topic}"
  kms_master_key_id = module.kms.key_id
  policy            = data.aws_iam_policy_document.sns_topic_policy.json
}