# SNS topic built by the sibling ../sns_topic module.
# The access policy attached to it is rendered from
# data.aws_iam_policy_document.sns_topic_policy.
module "sns_topic" {
  source = "../sns_topic"

  # Toggle passed through to the module; the caller decides via var.create_sns_module.
  create_sns_topic = var.create_sns_module

  # Topic name is "<prefix>-<name_of_topic>". The policy document builds its
  # resource ARN from the same two variables, so the two must stay in sync.
  name = "${var.prefix}-${var.name_of_topic}"

  # Key taken from module.kms; presumably used for server-side encryption of
  # the topic (confirm in ../sns_topic).
  # NOTE(review): with an encrypted topic, the publishing service principals
  # normally also need kms:GenerateDataKey* and kms:Decrypt in the key policy.
  # The key policy is not visible here; verify it against the principals
  # allowed in the topic policy.
  kms_master_key_id = module.kms.key_id

  policy = data.aws_iam_policy_document.sns_topic_policy.json
}
# Resource policy for the SNS topic: three Allow statements, each granting
# SNS:Publish on the topic ARN to a separate list of service principals.
# The statements differ only in their principal list and condition.
#
# NOTE(review): the ARN is assembled by hand with the "aws" partition, so it
# only matches the topic while its name stays "<prefix>-<name_of_topic>" and
# the deployment is in the standard partition.
data "aws_iam_policy_document" "sns_topic_policy" {
  # Policy1: publish with NO condition.
  # NOTE(review): a service principal without a source condition
  # (aws:SourceAccount / aws:SourceArn) lets that service publish on behalf of
  # resources in any account (confused-deputy exposure). Confirm that every
  # service in var.principles_for_policy_1 really cannot carry a source
  # condition, and keep this list as short as possible.
  statement {
    sid       = "Policy1"
    effect    = "Allow"
    actions   = ["SNS:Publish"]
    resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]

    principals {
      type        = "Service"
      identifiers = var.principles_for_policy_1
    }
  }

  # Policy2: publish only when AWS:SourceOwner equals the current account ID.
  # NOTE(review): AWS documents aws:SourceOwner as a legacy key kept for
  # backward compatibility; aws:SourceAccount is the recommended equivalent
  # where the listed services support it. Confirm before changing.
  statement {
    sid       = "Policy2"
    effect    = "Allow"
    actions   = ["SNS:Publish"]
    resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]

    principals {
      type        = "Service"
      identifiers = var.principles_for_policy_2
    }

    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }

  # Policy3: publish only when AWS:Referer equals the current account ID.
  # NOTE(review): aws:Referer is generally a caller-supplied value and is not
  # a strong authorization control. Presumably this exists for a service that
  # sets it to the owning account ID (confirm which one); prefer
  # aws:SourceAccount / aws:SourceArn if that service supports them.
  statement {
    sid       = "Policy3"
    effect    = "Allow"
    actions   = ["SNS:Publish"]
    resources = ["arn:aws:sns:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${var.prefix}-${var.name_of_topic}"]

    principals {
      type        = "Service"
      identifiers = var.principles_for_policy_3
    }

    condition {
      test     = "StringEquals"
      variable = "AWS:Referer"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}