├── .deepsource.toml ├── .editorconfig ├── .github ├── CODEOWNERS ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml └── workflows │ ├── auto_assignee.yml │ ├── automerge.yml │ ├── changelog.yml │ ├── readme.yml │ ├── tf-checks.yml │ ├── tflint.yml │ └── tfsec.yml ├── .gitignore ├── .pre-commit-config.yaml ├── CHANGELOG.md ├── LICENSE ├── Makefile ├── README.md ├── README.yaml ├── docs └── io.md ├── examples ├── APNS │ ├── basic │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── versions.tf │ ├── complete │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── versions.tf │ └── text │ │ ├── example.tf │ │ ├── outputs.tf │ │ └── versions.tf ├── GCM │ ├── example.tf │ ├── outputs.tf │ └── versions.tf ├── _json │ └── delivery_policy.json ├── certificates │ ├── cert.pem │ └── private_key.pem └── sns_topic │ ├── example.tf │ ├── outputs.tf │ └── versions.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf /.deepsource.toml: -------------------------------------------------------------------------------- 1 | version = 1 2 | 3 | [[analyzers]] 4 | name = "terraform" 5 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: http://EditorConfig.org 2 | # Uses editorconfig to maintain consistent coding styles 3 | 4 | # top-most EditorConfig file 5 | root = true 6 | 7 | # Unix-style newlines with a newline ending every file 8 | [*] 9 | charset = utf-8 10 | end_of_line = lf 11 | indent_size = 2 12 | indent_style = space 13 | insert_final_newline = true 14 | max_line_length = 80 15 | trim_trailing_whitespace = true 16 | 17 | [*.{tf,tfvars}] 18 | indent_size = 2 19 | indent_style = space 20 | 21 | [*.md] 22 | max_line_length = 0 23 | trim_trailing_whitespace = false 24 | 25 | [Makefile] 26 | tab_width = 2 27 | indent_style = tab 28 | 29 | [COMMIT_EDITMSG] 30 | max_line_length = 0 31 | 
-------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # These owners will be the default owners for everything in the repo. 2 | * @anmolnagpal @clouddrove/approvers @clouddrove-ci 3 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## what 2 | * Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) 3 | * Use bullet points to be concise and to the point. 4 | 5 | ## why 6 | * Provide the justifications for the changes (e.g. business case). 7 | * Describe why these changes were made (e.g. why do these commits fix the problem?) 8 | * Use bullet points to be concise and to the point. 9 | 10 | ## references 11 | * Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow). 12 | * Use `closes #123`, if this PR closes a Jira issue `#123` 13 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 
3 | # Please see the documentation for all configuration options:
4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
5 |
6 | version: 2
7 | updates:
8 |
9 |   - package-ecosystem: "github-actions" # NOTE(review): the workflows in this repo call shared workflows at @master; a branch ref carries no version to bump — confirm what this entry actually updates
10 |     directory: "/"
11 |     schedule:
12 |       interval: "daily"
13 |     open-pull-requests-limit: 3
14 |     assignees:
15 |       - "clouddrove-ci"
16 |     reviewers:
17 |       - "approvers" # NOTE(review): CODEOWNERS names the team @clouddrove/approvers; Dependabot expects teams as "org/team", so a bare name is presumably read as a user login — confirm (same value in every entry below)
18 |
19 |   - package-ecosystem: "terraform" # See documentation for possible values
20 |     directory: "/" # Location of package manifests
21 |     schedule:
22 |       interval: "weekly"
23 |     # Add assignees
24 |     assignees:
25 |       - "clouddrove-ci"
26 |     # Add reviewer
27 |     reviewers:
28 |       - "approvers"
29 |     # Allow up to 3 open pull requests for Terraform dependencies
30 |     open-pull-requests-limit: 3
31 |
32 |   - package-ecosystem: "terraform" # See documentation for possible values
33 |     directory: "examples/GCM" # Location of package manifests
34 |     schedule:
35 |       interval: "weekly"
36 |     # Add assignees
37 |     assignees:
38 |       - "clouddrove-ci"
39 |     # Add reviewer
40 |     reviewers:
41 |       - "approvers"
42 |     # Allow up to 3 open pull requests for Terraform dependencies
43 |     open-pull-requests-limit: 3
44 |
45 |   - package-ecosystem: "terraform" # See documentation for possible values
46 |     directory: "examples/sns_topic" # Location of package manifests
47 |     schedule:
48 |       interval: "weekly"
49 |     # Add assignees
50 |     assignees:
51 |       - "clouddrove-ci"
52 |     # Add reviewer
53 |     reviewers:
54 |       - "approvers"
55 |     # Allow up to 3 open pull requests for Terraform dependencies
56 |     open-pull-requests-limit: 3
57 |
58 |   - package-ecosystem: "terraform" # See documentation for possible values
59 |     directory: "examples/APNS/basic/" # Location of package manifests
60 |     schedule:
61 |       interval: "weekly"
62 |     # Add assignees
63 |     assignees:
64 |       - "clouddrove-ci"
65 |     # Add reviewer
66 |     reviewers:
67 |       - "approvers"
68 |     # Allow up to 3 open pull requests for Terraform dependencies
69 |     open-pull-requests-limit: 3
70 |
71 |   - package-ecosystem: "terraform" # See documentation for possible values
72 |     directory: "examples/APNS/complete/" # Location of package manifests
73 |     schedule:
74 |       interval: "weekly"
75 |     # Add assignees
76 |     assignees:
77 |       - "clouddrove-ci"
78 |     # Add reviewer
79 |     reviewers:
80 |       - "approvers"
81 |     # Allow up to 3 open pull requests for Terraform dependencies
82 |     open-pull-requests-limit: 3
83 |
84 |   - package-ecosystem: "terraform" # See documentation for possible values
85 |     directory: "examples/APNS/text/" # Location of package manifests
86 |     schedule:
87 |       interval: "weekly"
88 |     # Add assignees
89 |     assignees:
90 |       - "clouddrove-ci"
91 |     # Add reviewer
92 |     reviewers:
93 |       - "approvers"
94 |     # Allow up to 3 open pull requests for Terraform dependencies
95 |     open-pull-requests-limit: 3
96 |
--------------------------------------------------------------------------------
/.github/workflows/auto_assignee.yml:
--------------------------------------------------------------------------------
1 | name: Auto Assign PRs # Calls the shared auto_assignee workflow when a pull request is opened or reopened, or on manual dispatch
2 | on:
3 |   pull_request:
4 |     types: [opened, reopened]
5 |   workflow_dispatch:
6 | jobs:
7 |   assignee:
8 |     uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master # NOTE(review): @master is a mutable branch ref; whatever is on that branch at run time executes here — pin to a commit SHA or release tag
9 |     secrets:
10 |       GITHUB: ${{ secrets.GITHUB }} # This repository secret is handed to the called workflow; its scopes are not visible here — confirm it is least-privilege
11 |     with:
12 |       assignees: 'clouddrove-ci'
13 |
--------------------------------------------------------------------------------
/.github/workflows/automerge.yml:
--------------------------------------------------------------------------------
1 | ---
2 | name: Auto merge # Calls the shared auto_merge workflow on every pull_request event
3 | on:
4 |   pull_request:
5 | jobs:
6 |   auto-merge:
7 |     uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master # NOTE(review): the merge logic lives outside this repo at a mutable branch ref and receives a token below — pin to a commit SHA or release tag
8 |     secrets:
9 |       GITHUB: ${{ secrets.GITHUB }} # NOTE(review): presumably the token used to merge; confirm its scopes and which PR authors the shared workflow will merge for
10 |     with:
11 |       tfcheck: 'sns_topic-example / Check code format' # Only this one check is named here; NOTE(review): confirm branch protection also requires the tfsec and tf-lint results before a merge
12 | ...
13 |
--------------------------------------------------------------------------------
/.github/workflows/changelog.yml:
--------------------------------------------------------------------------------
1 | name: changelog # Calls the shared changelog workflow on every tag push, or on manual dispatch
2 | permissions: write-all # Sets every GITHUB_TOKEN permission scope to write; NOTE(review): narrow to the scopes the changelog job needs (likely contents: write — confirm against the shared workflow)
3 | on:
4 |   push:
5 |     tags:
6 |       - "*"
7 |   workflow_dispatch:
8 | jobs:
9 |   changelog:
10 |     uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master # NOTE(review): @master is a mutable branch ref; whatever is on that branch at run time executes with the token and secrets below — pin to a commit SHA or release tag
11 |     secrets: inherit # Passes every secret available to this workflow to the called workflow; NOTE(review): pass only the named secrets it needs
12 |     with:
13 |       branch: 'master'
14 |
--------------------------------------------------------------------------------
/.github/workflows/readme.yml:
--------------------------------------------------------------------------------
1 | name: Readme Workflow # Calls the shared readme workflow on pushes to master that touch anything other than README.md or docs/**
2 | on:
3 |   push:
4 |     branches:
5 |       - master
6 |     paths-ignore:
7 |       - 'README.md'
8 |       - 'docs/**'
9 |   workflow_dispatch:
10 | jobs:
11 |   README:
12 |     uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@master # NOTE(review): mutable branch ref that receives the two secrets below — pin to a commit SHA or release tag
13 |     secrets:
14 |       TOKEN : ${{ secrets.GITHUB }} # Secrets are passed by name here rather than with "inherit", so only these two reach the called workflow
15 |       SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}
16 |
--------------------------------------------------------------------------------
/.github/workflows/tf-checks.yml:
--------------------------------------------------------------------------------
1 | name: tf-checks # Runs the shared tf-checks workflow once per example directory; no secrets are passed to it
2 | on:
3 |   push:
4 |     branches: [ master ]
5 |   pull_request:
6 |   workflow_dispatch:
7 | jobs:
8 |   APNS-basic-example:
9 |     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master # NOTE(review): mutable branch ref, repeated in every job below — pin to a commit SHA or release tag
10 |     with:
11 |       working_directory: './examples/APNS/basic/'
12 |   APNS-complete-example:
13 |     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
14 |     with:
15 |       working_directory: './examples/APNS/complete/'
16 |   APNS-text-example:
17 |     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
18 |     with:
19 |       working_directory: './examples/APNS/text/'
20 |   GCM-example:
21 |     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
22 |     with:
23 |       working_directory: './examples/GCM/'
24 |   sns_topic-example: # automerge.yml names 'sns_topic-example / Check code format' as its tfcheck input; presumably that refers to this job — confirm
25 |     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
26 |     with:
27 |       working_directory: './examples/sns_topic/'
28 |
--------------------------------------------------------------------------------
/.github/workflows/tflint.yml:
--------------------------------------------------------------------------------
1 | name: tf-lint # Calls the shared tf-lint workflow on pushes to master, on pull requests, or on manual dispatch
2 | on:
3 |   push:
4 |     branches: [ master ]
5 |   pull_request:
6 |   workflow_dispatch:
7 | jobs:
8 |   tf-lint:
9 |     uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master # NOTE(review): mutable branch ref that receives the secret below — pin to a commit SHA or release tag
10 |     secrets:
11 |       GITHUB: ${{ secrets.GITHUB }} # NOTE(review): why a linter needs a repository token is not visible here — confirm it is required and least-privilege
12 |
--------------------------------------------------------------------------------
/.github/workflows/tfsec.yml:
--------------------------------------------------------------------------------
1 | name: tfsec # Calls the shared tfsec workflow against the repository root on pull requests, or on manual dispatch
2 | permissions: write-all # Sets every GITHUB_TOKEN permission scope to write for same-repo runs (fork PRs get a read-only token by default); NOTE(review): a scanner likely needs only contents: read plus whatever it uses to report results — confirm and narrow
3 | on:
4 |   pull_request:
5 |   workflow_dispatch:
6 | jobs:
7 |   tfsec:
8 |     uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master # NOTE(review): mutable branch ref executing with the token and secrets below — pin to a commit SHA or release tag
9 |     secrets: inherit # Passes every secret available to this workflow to the called workflow; NOTE(review): pass only the named secrets the scan needs
10 |     with:
11 |       working_directory: '.'
12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # ignored files 2 | *~ 3 | 4 | # temporary files which can be created if a process still has a handle open of a deleted file 5 | .fuse_hidden* 6 | 7 | # KDE directory preferences 8 | .directory 9 | 10 | # Linux trash folder which might appear on any partition or disk 11 | .Trash-* 12 | 13 | # .nfs files are created when an open file is removed but is still being accessed 14 | .nfs* 15 | ### Eclipse template 16 | 17 | .metadata 18 | bin/ 19 | tmp/ 20 | *.tmp 21 | *.bak 22 | *.swp 23 | *~.nib 24 | local.properties 25 | .settings/ 26 | .loadpath 27 | .recommenders 28 | 29 | # External tool builders 30 | .externalToolBuilders/ 31 | 32 | # Locally stored "Eclipse launch configurations" 33 | *.launch 34 | 35 | # PyDev specific (Python IDE for Eclipse) 36 | *.pydevproject 37 | 38 | # CDT-specific (C/C++ Development Tooling) 39 | .cproject 40 | 41 | # Java annotation processor (APT) 42 | .factorypath 43 | 44 | # PDT-specific (PHP Development Tools) 45 | .buildpath 46 | 47 | # sbteclipse plugin 48 | .target 49 | 50 | # Tern plugin 51 | .tern-project 52 | 53 | # TeXlipse plugin 54 | .texlipse 55 | 56 | # STS (Spring Tool Suite) 57 | .springBeans 58 | 59 | # Code Recommenders 60 | .recommenders/ 61 | 62 | # Scala IDE specific (Scala & Java development for Eclipse) 63 | .cache-main 64 | .scala_dependencies 65 | .worksheet 66 | ### Windows template 67 | # Windows thumbnail cache files 68 | Thumbs.db 69 | ehthumbs.db 70 | ehthumbs_vista.db 71 | 72 | # Dump file 73 | *.stackdump 74 | 75 | # Folder config file 76 | [Dd]esktop.ini 77 | 78 | # Recycle Bin used on file shares 79 | $RECYCLE.BIN/ 80 | 81 | # Windows Installer files 82 | *.cab 83 | *.msi 84 | *.msm 85 | *.msp 86 | 87 | # Windows shortcuts 88 | *.lnk 89 | ### Ansible template 90 | *.retry 91 | ### macOS template 92 | # General 93 | 
.DS_Store 94 | .AppleDouble 95 | .LSOverride 96 | 97 | # Icon must end with two \r 98 | Icon 99 | 100 | # Thumbnails 101 | ._* 102 | 103 | # Files that might appear in the root of a volume 104 | .DocumentRevisions-V100 105 | .fseventsd 106 | .Spotlight-V100 107 | .TemporaryItems 108 | .Trashes 109 | .VolumeIcon.icns 110 | .com.apple.timemachine.donotpresent 111 | 112 | # Directories potentially created on remote AFP share 113 | .AppleDB 114 | .AppleDesktop 115 | Network Trash Folder 116 | Temporary Items 117 | .apdisk 118 | ### Archives template 119 | # It's better to unpack these files and commit the raw source because 120 | # git has its own built in compression methods. 121 | *.7z 122 | *.jar 123 | *.rar 124 | *.zip 125 | *.gz 126 | *.tgz 127 | *.bzip 128 | *.bz2 129 | *.xz 130 | *.lzma 131 | *.cab 132 | 133 | # Packing-only formats 134 | *.iso 135 | *.tar 136 | 137 | # Package management formats 138 | *.dmg 139 | *.xpi 140 | *.gem 141 | *.egg 142 | *.deb 143 | *.rpm 144 | *.msi 145 | *.msm 146 | *.msp 147 | ### JetBrains template 148 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm 149 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 150 | 151 | /.idea/ 152 | # User-specific stuff: 153 | .idea/**/workspace.xml 154 | .idea/**/tasks.xml 155 | .idea/dictionaries 156 | 157 | # Sensitive or high-churn files: 158 | .idea/**/dataSources/ 159 | .idea/**/dataSources.ids 160 | .idea/**/dataSources.xml 161 | .idea/**/dataSources.local.xml 162 | .idea/**/sqlDataSources.xml 163 | .idea/**/dynamic.xml 164 | .idea/**/uiDesigner.xml 165 | 166 | # Gradle: 167 | .idea/**/gradle.xml 168 | .idea/**/libraries 169 | 170 | # CMake 171 | cmake-build-debug/ 172 | 173 | # Mongo Explorer plugin: 174 | .idea/**/mongoSettings.xml 175 | 176 | ## File-based project format: 177 | *.iws 178 | 179 | ## Plugin-specific files: 180 | 181 | # IntelliJ 182 | out/ 183 | 184 | # mpeltonen/sbt-idea plugin 185 
| .idea_modules/
186 | # User-specific stuff:
187 | .idea/*
188 | # JIRA plugin
189 | atlassian-ide-plugin.xml
190 |
191 | # Cursive Clojure plugin
192 | .idea/replstate.xml
193 |
194 | # Terraform state files (state can hold resource secrets in plaintext, so it stays out of version control)
195 | *.tfstate*
196 |
197 | deployment/_logs/ansible-log.json
198 | deployment/_logs/ansible-log.log
199 | deployment/_logs/facts/*
200 | deployment/_logs/retry/*
201 | _app/*
202 | ansible-log.json
203 | .terraform
204 | terraform.tfstate
205 |
206 | *.tfstate
207 | *.tfstate.backup
208 | *.iml
209 | *.terraform.lock.hcl
210 | *.lock.hcl
211 |
--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
1 | repos:
2 |
3 |   - repo: https://github.com/gruntwork-io/pre-commit
4 |     rev: v0.1.12 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
5 |     hooks:
6 |       - id: terraform-fmt
7 |       - id: shellcheck
8 |       - id: tflint
9 |
10 |   - repo: git://github.com/pre-commit/pre-commit-hooks # NOTE(review): git:// is the unauthenticated, unencrypted Git protocol, which GitHub no longer serves; use the https:// form as for the repo above
11 |     rev: v3.4.0 # Use the ref you want to point at
12 |     hooks: # NOTE(review): no secret-scanning hook is enabled although the tree lists examples/certificates/private_key.pem; this hook repo ships detect-private-key — confirm that key is a throwaway fixture
13 |       - id: end-of-file-fixer
14 |       - id: trailing-whitespace
15 |       - id: mixed-line-ending
16 |       - id: check-byte-order-marker
17 |       - id: check-executables-have-shebangs
18 |       - id: check-merge-conflict
19 |       - id: debug-statements
20 |       - id: check-yaml
21 |       - id: check-added-large-files
22 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # Changelog
2 | All notable changes to this project will be documented in this file.
3 |
4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
6 | 7 | ## [1.3.0] - 2022-01-26 8 | ### :bug: Bug Fixes 9 | - [`7cc6167`](https://github.com/clouddrove/terraform-aws-sns/commit/7cc61671be6219d860fcc83e78c8434f1af12e78) - update github-action. 10 | 11 | 12 | ## [1.0.1] - 2022-05-20 13 | ### :bug: Bug Fixes 14 | - [`3f6e83b`](https://github.com/clouddrove/terraform-aws-sns/commit/3f6e83b879745818c595d03d6bb94ef7df622f3d) - use terraform latest version 15 | 16 | 17 | ## [0.15.2] - 2021-10-22 18 | ### :bug: Bug Fixes 19 | - [`809f0e2`](https://github.com/clouddrove/terraform-aws-sns/commit/809f0e2be5f4ee19ab31b601a5e2f3f718d87475) - use terraform latest version 20 | 21 | ## [0.15.1] - 2021-07-27 22 | ### :sparkles: New Features 23 | - [`c6d41ad`](https://github.com/clouddrove/terraform-aws-sns/commit/c6d41adbb2f29d9308beb1fb10a604332815cd3d) - add terraform latest version 24 | 25 | ## [0.15.0] - 2021-06-28 26 | ### :bug: Bug Fixes 27 | - [`95a903d`](https://github.com/clouddrove/terraform-aws-sns/commit/95a903d841e0aab8075b593ec9fccc21ddd8a791) - add a new enable_subscription variable 28 | 29 | 30 | ## [0.14.0] - 2020-01-20 31 | ### :bug: Bug Fixes 32 | - [`95a903d`](https://github.com/clouddrove/terraform-aws-sns/commit/95a903d841e0aab8075b593ec9fccc21ddd8a791) - add a new enable_subscription variable 33 | 34 | ## [0.13.0] - 2020-10-26 35 | ### :bug: Bug Fixes 36 | - [`95a903d`](https://github.com/clouddrove/terraform-aws-sns/commit/95a903d841e0aab8075b593ec9fccc21ddd8a791) - add a new enable_subscription variable 37 | 38 | ## [0.12.2] - 2020-08-08 39 | ### :bug: Bug Fixes 40 | - [`95a903d`](https://github.com/clouddrove/terraform-aws-sns/commit/95a903d841e0aab8075b593ec9fccc21ddd8a791) - add a new enable_subscription variable 41 | - [`aa33754`](https://github.com/clouddrove/terraform-aws-sns/commit/aa33754ca6d6be579fff8a373a5c539ec6843567) - upgrade to 0.14 42 | - [`fbc4cf6`](https://github.com/clouddrove/terraform-aws-sns/commit/fbc4cf6b3158f741b11296fb571e38bf96585694) - updated and upgraded 43 | 44 | 45 | ## 
[0.12.1] - 2019-12-30 46 | ### :bug: Bug Fixes 47 | - [`8f75a62`](https://github.com/clouddrove/terraform-aws-sns/commit/8f75a62eadc0a923095e72fc7b6977eae1847b44) - fix labels managedby variables (#9) 48 | - [`5d0beb1`](https://github.com/clouddrove/terraform-aws-sns/commit/5d0beb17f97b2bdbf6cc246e1145da5b5450d9dc) - add some variables in output 49 | - [`95a903d`](https://github.com/clouddrove/terraform-aws-sns/commit/95a903d841e0aab8075b593ec9fccc21ddd8a791) - add a new enable_subscription variable 50 | 51 | ## [0.12.0] - 2019-09-24 52 | ### :bug: Bug Fixes 53 | - [`8f75a62`](https://github.com/clouddrove/terraform-aws-sns/commit/8f75a62eadc0a923095e72fc7b6977eae1847b44) - fix labels managedby variables (#9) 54 | - [`3b049b8`](https://github.com/clouddrove/terraform-aws-sns/commit/3b049b853362d7ffc0aa217b1e40fae484d0beac) - updated and upgraded 55 | - [`95a903d`](https://github.com/clouddrove/terraform-aws-sns/commit/95a903d841e0aab8075b593ec9fccc21ddd8a791) - add a new enable_subscription variable 56 | 57 | 58 | [0.12.0]: https://github.com/clouddrove/terraform-aws-sns/compare/0.12.0...master 59 | [0.12.1]: https://github.com/clouddrove/terraform-aws-sns/compare/0.12.1...master 60 | [0.12.2]: https://github.com/clouddrove/terraform-aws-sns/compare/0.12.2...master 61 | [0.13.0]: https://github.com/clouddrove/terraform-aws-sns/compare/0.13.0...master 62 | [0.14.0]: https://github.com/clouddrove/terraform-aws-sns/compare/0.14.0...master 63 | [0.15.0]: https://github.com/clouddrove/terraform-aws-sns/compare/0.15.0...master 64 | [0.15.1]: https://github.com/clouddrove/terraform-aws-sns/compare/0.15.1...master 65 | [0.15.2]: https://github.com/clouddrove/terraform-aws-sns/compare/0.15.2...master 66 | [1.0.1]: https://github.com/clouddrove/terraform-aws-sns/compare/1.0.1...master 67 | [1.3.0]: https://github.com/clouddrove/terraform-aws-sns/releases/tag/1.3.0 -------------------------------------------------------------------------------- /LICENSE: 
-------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 
39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2021 CloudDrove Inc. 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | export GENIE_PATH ?= $(shell 'pwd')/../../../genie 2 | 3 | include $(GENIE_PATH)/Makefile 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | [![Banner](https://github.com/clouddrove/terraform-module-template/assets/119565952/67a8a1af-2eb7-40b7-ae07-c94cde9ce062)][website] 3 |

4 | Terraform AWS SNS 5 |

6 | 7 |

8 | With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence. 9 |

10 | 11 | 12 |

13 | 14 | 15 | Latest Release 16 | 17 | 18 | tfsec 19 | 20 | 21 | Licence 22 | 23 | 24 | Changelog 25 | 26 | 27 | 28 |

29 |

30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 |

45 |
46 | 47 | 48 | We are a group of DevOps engineers & architects, joining hands in this ever evolving digital landscape. With our strong belief in Automation; just like microservices, always on the lookout to split the the infrastructure into smaller connected resources (database, cluster and more) which could be standardized, are manageable, scalable, secure & follow industry best practices. 49 | 50 | 51 | This module includes Terraform open source, examples, and automation tests (for better understanding), which would help you create and improve your infrastructure with minimalistic coding. 52 | 53 | 54 | 55 | 56 | ## Prerequisites and Providers 57 | 58 | This table contains both Prerequisites and Providers: 59 | 60 | | Description | Name | Version | 61 | |:-------------:|:-------------------------------------------:|:---------:| 62 | | **Prerequisite** | [Terraform](https://learn.hashicorp.com/terraform/getting-started/install.html) | >= 1.6.6 | 63 | | **Provider** | [aws](https://aws.amazon.com/) | >= 5.31.0 | 64 | 65 | 66 | 67 | 68 | 69 | ## Examples 70 | 71 | **IMPORTANT:** Since the master branch used in source varies based on new modifications, we recommend using the [release versions](https://github.com/clouddrove/terraform-aws-sns/releases). 72 | 73 | 📌 For additional usage examples, check the complete list under [`examples/`](./examples) directory. 74 | 75 | 76 | 77 | ## Inputs and Outputs 78 | 79 | Refer to complete documentation: [here](docs/io.md) 80 | 81 | 82 | 93 | 94 | 95 | ## Module Dependencies 96 | 97 | This module has dependencies on: 98 | - [Labels Module](https://github.com/clouddrove/terraform-aws-labels): Provides resource tagging. 99 | 100 | 101 | ## 📑 Changelog 102 | 103 | Refer [here](CHANGELOG.md). 104 | 105 | 106 | 107 | 108 | ## ✨ Contributors 109 | 110 | Big thanks to our contributors for elevating our project with their dedication and expertise! 
But, we do not wish to stop there, would like to invite contributions from the community in improving these projects and making them more versatile for better reach. Remember, every bit of contribution is immensely valuable, as, together, we are moving in only 1 direction, i.e. forward. 111 | 112 | 113 | 114 | 115 |
116 |
117 | 118 | If you're considering contributing to our project, here are a few quick guidelines that we have been following (Got a suggestion? We are all ears!): 119 | 120 | - **Fork the Repository:** Create a new branch for your feature or bug fix. 121 | - **Coding Standards:** You know the drill. 122 | - **Clear Commit Messages:** Write clear and concise commit messages to facilitate understanding. 123 | - **Thorough Testing:** Test your changes thoroughly before submitting a pull request. 124 | - **Documentation Updates:** Include relevant documentation updates if your changes impact it. 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | ## Feedback 139 | Spot a bug or have thoughts to share with us? Let's squash it together! Log it in our [issue tracker](https://github.com/clouddrove/terraform-aws-sns/issues), feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com). 140 | 141 | Show some love with a ★ on [our GitHub](https://github.com/clouddrove/terraform-aws-sns)! if our work has brightened your day! – your feedback fuels our journey! 142 | 143 | 144 | ## :rocket: Our Accomplishment 145 | 146 | We have [*100+ Terraform modules*][terraform_modules] 🙌. You could consider them finished, but, with enthusiasts like yourself, we are able to ever improve them, so we call our status - improvement in progress. 147 | 148 | - [Terraform Module Registry:](https://registry.terraform.io/namespaces/clouddrove) Discover our Terraform modules here. 149 | 150 | - [Terraform Modules for AWS/Azure Modules:](https://github.com/clouddrove/toc) Explore our comprehensive Table of Contents for easy navigation through our documentation for modules pertaining to AWS, Azure & GCP. 151 | 152 | - [Terraform Modules for Digital Ocean:](https://github.com/terraform-do-modules/toc) Check out our specialized Terraform modules for Digital Ocean. 
153 | 154 | 155 | 156 | 157 | ## Join Our Slack Community 158 | 159 | Join our vibrant open-source slack community and embark on an ever-evolving journey with CloudDrove; helping you in moving upwards in your career path. 160 | Join our vibrant Open Source Slack Community and embark on a learning journey with CloudDrove. Grow with us in the world of DevOps and set your career on a path of consistency. 161 | 162 | 🌐💬What you'll get after joining this Slack community: 163 | 164 | - 🚀 Encouragement to upgrade your best version. 165 | - 🌈 Learning companionship with our DevOps squad. 166 | - 🌱 Relentless growth with daily updates on new advancements in technologies. 167 | 168 | Join our tech elites [Join Now][slack] 🚀 169 | 170 | 171 | ## Explore Our Blogs 172 | 173 | Click [here][blog] :books: :star2: 174 | 175 | ## Tap into our capabilities 176 | We provide a platform for organizations to engage with experienced top-tier DevOps & Cloud services. Tap into our pool of certified engineers and architects to elevate your DevOps and Cloud Solutions. 177 | 178 | At [CloudDrove][website], has extensive experience in designing, building & migrating environments, securing, consulting, monitoring, optimizing, automating, and maintaining complex and large modern systems. With remarkable client footprints in American & European corridors, our certified architects & engineers are ready to serve you as per your requirements & schedule. Write to us at [business@clouddrove.com](mailto:business@clouddrove.com). 179 | 180 |

We are The Cloud Experts!

181 |
182 |

We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

183 | 184 | [website]: https://clouddrove.com 185 | [blog]: https://blog.clouddrove.com 186 | [slack]: https://www.launchpass.com/devops-talks 187 | [github]: https://github.com/clouddrove 188 | [linkedin]: https://cpco.io/linkedin 189 | [twitter]: https://twitter.com/clouddrove/ 190 | [email]: https://clouddrove.com/contact-us.html 191 | [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language= 192 | -------------------------------------------------------------------------------- /README.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # This is the canonical configuration for the `README.md` 4 | # Run `make readme` to rebuild the `README.md` 5 | # 6 | 7 | # Name of this project 8 | name: Terraform AWS SNS 9 | 10 | # License of this project 11 | license: "APACHE" 12 | 13 | # Canonical GitHub repo 14 | github_repo: clouddrove/terraform-aws-sns 15 | 16 | # Badges to display 17 | badges: 18 | - name: "Latest Release" 19 | image: "https://img.shields.io/github/release/clouddrove/terraform-aws-sns.svg" 20 | url: "https://github.com/clouddrove/terraform-aws-sns/releases/latest" 21 | - name: "tfsec" 22 | image: "https://github.com/clouddrove/terraform-aws-sns/actions/workflows/tfsec.yml/badge.svg" 23 | url: "https://github.com/clouddrove/terraform-aws-sns/actions/workflows/tfsec.yml" 24 | - name: "Licence" 25 | image: "https://img.shields.io/badge/License-APACHE-blue.svg" 26 | url: "LICENSE.md" 27 | - name: "Changelog" 28 | image: "https://img.shields.io/badge/Changelog-blue" 29 | url: "CHANGELOG.md" 30 | 31 | prerequesties: 32 | - name: Terraform 33 | url: https://learn.hashicorp.com/terraform/getting-started/install.html 34 | version: ">= 1.6.6" 35 | 36 | providers: 37 | - name: aws 38 | url: https://aws.amazon.com/ 39 | version: ">= 5.31.0" 40 | 41 | module_dependencies: 42 | - name: Labels Module 43 | url: https://github.com/clouddrove/terraform-aws-labels 44 | description: 
Provides resource tagging. 45 | 46 | # description of this project 47 | description: |- 48 | Terraform module is used to setup SNS service to manage notifications on application. 49 | 50 | 51 | # How to use this project 52 | usage : |- 53 | Here are some examples of how you can use this module in your inventory structure: 54 | ### APNS 55 | #### Basic 56 | ```hcl 57 | module "sns" { 58 | source = "clouddrove/sns/aws" 59 | name = local.name 60 | environment = local.environment 61 | enable_sns = true 62 | platform = "APNS" 63 | key = "../../certificates/private_key.pem" 64 | certificate = "../../certificates/cert.pem" 65 | } 66 | ``` 67 | #### Text 68 | ```hcl 69 | module "sns" { 70 | source = "clouddrove/sns/aws" 71 | name = local.name 72 | environment = local.environment 73 | enable_sms_preference = true 74 | monthly_spend_limit = "1" 75 | 76 | delivery_status_success_sampling_rate = "50" 77 | default_sender_id = "test" 78 | default_sms_type = "Transactional" 79 | } 80 | ``` 81 | 82 | #### Complete 83 | ```hcl 84 | module "sns" { 85 | source = "clouddrove/sns/aws" 86 | name = local.name 87 | environment = local.environment 88 | platform = "APNS" 89 | enable_sms_preference = true 90 | enable_topic = true 91 | endpoint = module.sqs.arn 92 | protocol = "sqs" 93 | key = "../../certificates/private_key.pem" 94 | certificate = "../../certificates/cert.pem" 95 | delivery_policy = file("../../_json/delivery_policy.json") 96 | policy = data.aws_iam_policy_document.sns-topic-policy.json 97 | } 98 | 99 | data "aws_iam_policy_document" "sns-topic-policy" { 100 | policy_id = "__default_policy_ID" 101 | statement { 102 | actions = [ 103 | "SNS:Subscribe", 104 | "SNS:SetTopicAttributes", 105 | "SNS:RemovePermission", 106 | "SNS:Receive", 107 | "SNS:Publish", 108 | "SNS:ListSubscriptionsByTopic", 109 | "SNS:GetTopicAttributes", 110 | "SNS:DeleteTopic", 111 | "SNS:AddPermission", 112 | ] 113 | condition { 114 | test = "StringEquals" 115 | variable = "AWS:SourceOwner" 116 | 117 | 
values = [ 118 | data.aws_caller_identity.current.account_id, 119 | ] 120 | } 121 | effect = "Allow" 122 | principals { 123 | type = "AWS" 124 | identifiers = ["*"] 125 | } 126 | resources = [ 127 | format("arn:aws:sns:eu-west-1:%s:app/APNS/sns-test", data.aws_caller_identity.current.account_id) 128 | ] 129 | sid = "__default_statement_ID" 130 | } 131 | } 132 | ``` 133 | ### GCM 134 | ```hcl 135 | module "sns" { 136 | source = "clouddrove/sns/aws" 137 | name = local.name 138 | environment = local.environment 139 | enable_sns = true 140 | platform = "GCM" 141 | gcm_key = "AAAA8TYQCtc:APesgdrthyujioyhtgfds4icP_6Kyz3OT2Ms1cbJZDOq3AkCAt5tNpNE0g3oUQBdind1g7891cdrVAxbOmzL3XRd0ktgkFne2OwI7pC5an877XcBNQiHPMHT7dN7TykI2o6O2K" 142 | } 143 | ``` 144 | ### sns_topic 145 | ```hcl 146 | module "sns" { 147 | source = "clouddrove/sns/aws" 148 | name = local.name 149 | environment = local.environment 150 | enable_topic = true 151 | 152 | subscribers = { 153 | newrelic = { 154 | protocol = "https" 155 | endpoint = "https://example.com" 156 | endpoint_auto_confirms = false 157 | raw_message_delivery = true 158 | filter_policy = "" 159 | delivery_policy = "" 160 | confirmation_timeout_in_minutes = "60" 161 | }, 162 | sms = { 163 | protocol = "sms" 164 | endpoint = "9198*****" 165 | endpoint_auto_confirms = false 166 | raw_message_delivery = false 167 | filter_policy = "" 168 | delivery_policy = "" 169 | confirmation_timeout_in_minutes = "60" 170 | }, 171 | } 172 | } 173 | ``` 174 | -------------------------------------------------------------------------------- /docs/io.md: -------------------------------------------------------------------------------- 1 | ## Inputs 2 | 3 | | Name | Description | Type | Default | Required | 4 | |------|-------------|------|---------|:--------:| 5 | | application\_failure\_feedback\_role\_arn | IAM role for failure feedback. 
| `string` | `""` | no | 6 | | application\_success\_feedback\_role\_arn | The IAM role permitted to receive success feedback for this topic. | `string` | `""` | no | 7 | | application\_success\_feedback\_sample\_rate | Percentage of success to sample. | `number` | `100` | no | 8 | | certificate | application Platform principal. See Principal for type of principal required for platform. The value of this attribute when stored into the Terraform state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources. | `string` | `""` | no | 9 | | content\_based\_deduplication | Boolean indicating whether or not to enable content-based deduplication for FIFO topics. | `bool` | `false` | no | 10 | | create\_topic\_policy | Determines whether an SNS topic policy is created | `bool` | `true` | no | 11 | | data\_protection\_policy | A map of data protection policy statements | `string` | `null` | no | 12 | | default\_sender\_id | A string, such as your business brand, that is displayed as the sender on the receiving device. | `string` | `""` | no | 13 | | default\_sms\_type | The type of SMS message that you will send by default. Possible values are: Promotional, Transactional. | `string` | `"Transactional"` | no | 14 | | delivery\_policy | The SNS delivery policy. | `string` | `null` | no | 15 | | delivery\_status\_iam\_role\_arn | The ARN of the IAM role that allows Amazon SNS to write logs about SMS deliveries in CloudWatch Logs. | `string` | `""` | no | 16 | | delivery\_status\_success\_sampling\_rate | The percentage of successful SMS deliveries for which Amazon SNS will write logs in CloudWatch Logs. The value must be between 0 and 100. | `number` | `50` | no | 17 | | display\_name | The display name for the SNS topic. | `string` | `""` | no | 18 | | enable\_default\_topic\_policy | Specifies whether to enable the default topic policy. 
Defaults to `true` | `bool` | `true` | no | 19 | | enable\_sms\_preference | Boolean indicating whether or not to update SNS SMS Preference. | `bool` | `false` | no | 20 | | enable\_sns | Boolean indicating whether or not to create sns. | `bool` | `false` | no | 21 | | enable\_topic | Boolean indicating whether or not to create topic. | `bool` | `false` | no | 22 | | enabled | Boolean indicating whether or not to create sns module. | `bool` | `true` | no | 23 | | environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no | 24 | | event\_delivery\_failure\_topic\_arn | SNS Topic triggered when a delivery to any of the platform endpoints associated with your platform application encounters a permanent failure. | `string` | `""` | no | 25 | | event\_endpoint\_created\_topic\_arn | SNS Topic triggered when a new platform endpoint is added to your platform application. | `string` | `""` | no | 26 | | event\_endpoint\_deleted\_topic\_arn | SNS Topic triggered when an existing platform endpoint is deleted from your platform application. | `string` | `""` | no | 27 | | event\_endpoint\_updated\_topic\_arn | SNS Topic triggered when an existing platform endpoint is changed from your platform application. | `string` | `""` | no | 28 | | failure\_feedback\_role\_arn | The IAM role permitted to receive failure feedback for this application. | `string` | `""` | no | 29 | | fifo\_topic | Boolean indicating whether or not to create a FIFO (first-in-first-out) topic | `bool` | `false` | no | 30 | | gcm\_key | Application Platform credential. See Credential for type of credential required for platform. The value of this attribute when stored into the Terraform state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources. | `string` | `""` | no | 31 | | http\_failure\_feedback\_role\_arn | IAM role for failure feedback. 
| `string` | `""` | no | 32 | | http\_success\_feedback\_role\_arn | The IAM role permitted to receive success feedback for this topic. | `string` | `""` | no | 33 | | http\_success\_feedback\_sample\_rate | Percentage of success to sample. | `number` | `100` | no | 34 | | key | Application Platform credential. See Credential for type of credential required for platform. The value of this attribute when stored into the Terraform state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources. | `string` | `""` | no | 35 | | kms\_master\_key\_id | The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information. | `string` | `""` | no | 36 | | label\_order | Label order, e.g. `name`,`application`. | `list(any)` |
[
"name",
"environment"
]
| no | 37 | | lambda\_failure\_feedback\_role\_arn | IAM role for failure feedback. | `string` | `""` | no | 38 | | lambda\_success\_feedback\_role\_arn | The IAM role permitted to receive success feedback for this topic. | `string` | `""` | no | 39 | | lambda\_success\_feedback\_sample\_rate | Percentage of success to sample. | `number` | `100` | no | 40 | | managedby | ManagedBy, eg 'CloudDrove'. | `string` | `"hello@clouddrove.com"` | no | 41 | | monthly\_spend\_limit | The maximum amount in USD that you are willing to spend each month to send SMS messages. | `number` | `1` | no | 42 | | name | Name (e.g. `app` or `cluster`). | `string` | `""` | no | 43 | | override\_topic\_policy\_documents | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` | `list(string)` | `[]` | no | 44 | | platform | The platform that the app is registered with. See Platform for supported platforms like 'APNS' 'GCM'. | `string` | `""` | no | 45 | | policy | The fully-formed AWS policy as JSON. For more information about building AWS IAM policy documents with Terraform. | `string` | `""` | no | 46 | | repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-sns"` | no | 47 | | signature\_version | If SignatureVersion should be 1 (SHA1) or 2 (SHA256). The signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS. | `number` | `null` | no | 48 | | source\_topic\_policy\_documents | List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s | `list(string)` | `[]` | no | 49 | | sqs\_failure\_feedback\_role\_arn | IAM role for failure feedback. 
| `string` | `""` | no | 50 | | sqs\_success\_feedback\_role\_arn | The IAM role permitted to receive success feedback for this topic. | `string` | `""` | no | 51 | | sqs\_success\_feedback\_sample\_rate | Percentage of success to sample. | `number` | `100` | no | 52 | | subscribers | Required configuration for subscribers to SNS topic. |
map(object({
protocol = string
# The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially supported, see below) (email is an option but is unsupported, see below).
endpoint = string
# The endpoint to send data to, the contents will vary with the protocol. (see below for more information)
endpoint_auto_confirms = bool
# Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty (default is false)
raw_message_delivery = bool
# Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property) (default is false)
filter_policy = string
# JSON String with the filter policy that will be used in the subscription to filter messages seen by the target resource.
delivery_policy = string
# The SNS delivery policy
confirmation_timeout_in_minutes = string
# Integer indicating number of minutes to wait in retrying mode for fetching subscription arn before marking it as failure. Only applicable for http and https protocols.
}))
| `{}` | no | 53 | | success\_feedback\_role\_arn | The IAM role permitted to receive success feedback for this application. | `string` | `""` | no | 54 | | success\_feedback\_sample\_rate | The percentage of success to sample (0-100). | `number` | `100` | no | 55 | | topic\_policy\_statements | A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage | `any` | `{}` | no | 56 | | tracing\_config | Tracing mode of an Amazon SNS topic. Valid values: PassThrough, Active. | `string` | `null` | no | 57 | | usage\_report\_s3\_bucket | The name of the Amazon S3 bucket to receive daily SMS usage reports from Amazon SNS. | `string` | `""` | no | 58 | 59 | ## Outputs 60 | 61 | | Name | Description | 62 | |------|-------------| 63 | | arn | The ARN of the SNS platform application. | 64 | | id | The ID of the SNS platform application. | 65 | | topic-arn | The ARN of the SNS topic. | 66 | | topic-id | The ID of the SNS topic. | 67 | 68 | -------------------------------------------------------------------------------- /examples/APNS/basic/example.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "eu-west-1" 3 | } 4 | 5 | locals { 6 | name = "basic-sns" 7 | environment = "test" 8 | } 9 | 10 | ##----------------------------------------------------------------------------- 11 | ## SNS module call. 
##-----------------------------------------------------------------------------
# Basic APNS example: calls the module at the repository root with
# enable_sns = true and platform = "APNS".
module "sns" {
  source = "./../../../"

  name        = local.name
  environment = local.environment
  enable_sns  = true
  platform    = "APNS"
  # NOTE(review): both values point at PEM files that are committed under
  # examples/certificates. A private key kept in version control has to be
  # treated as public, so it must never be a live APNS credential; for real
  # use keep the key outside the repository and inject it from a secret store.
  # NOTE(review): these are passed as path strings, not file(...) contents.
  # Whether the module reads the files itself is not visible here - confirm
  # against main.tf.
  key         = "../../certificates/private_key.pem"
  certificate = "../../certificates/cert.pem"
}

--------------------------------------------------------------------------------
/examples/APNS/basic/outputs.tf:
--------------------------------------------------------------------------------
# Re-exports the module's `arn` output; the [*] splat yields a list value.
output "arn" {
  value       = module.sns[*].arn
  description = "The ARN of the SNS platform application."
}

--------------------------------------------------------------------------------
/examples/APNS/basic/versions.tf:
--------------------------------------------------------------------------------
# Terraform version
# Only lower bounds (>=) are set, so any newer Terraform or AWS provider
# release, including a new major version, satisfies these constraints.
# NOTE(review): consider an upper bound or a committed dependency lock file
# if reproducible runs matter.
terraform {
  required_version = ">= 1.6.6"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.31.0"
    }
  }
}

--------------------------------------------------------------------------------
/examples/APNS/complete/example.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "eu-west-1"
}

locals {
  name        = "sns"
  environment = "test"
}

# Account ID of the credentials Terraform runs with; the policy documents
# further down in this file use it to build ARNs and a policy condition.
data "aws_caller_identity" "current" {}

##-----------------------------------------------------------------------------
## sqs module call.
##-----------------------------------------------------------------------------
# Queue created through the registry module, pinned to the exact version 1.3.0.
# The queue settings are passed straight through; their meaning is defined by
# that module, which is not part of this repository.
module "sqs" {
  source  = "clouddrove/sqs/aws"
  version = "1.3.0"

  name                      = local.name
  environment               = local.environment
  delay_seconds             = 90
  max_message_size          = 2048
  message_retention_seconds = 86400
  receive_wait_time_seconds = 10
  policy                    = data.aws_iam_policy_document.document.json
}

# Queue policy handed to the sqs module above: one Allow statement for
# sqs:SendMessage with a wildcard AWS principal.
data "aws_iam_policy_document" "document" {
  version = "2012-10-17"
  statement {
    sid    = "First"
    effect = "Allow"
    # NOTE(review): there is no condition block, so as written this statement
    # is not limited to any particular sender. If only the SNS topic should
    # deliver to the queue, scope the statement (for example a condition on
    # aws:SourceArn matching the topic ARN) instead of relying on "*".
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    actions = ["sqs:SendMessage"]
    # NOTE(review): region and queue name are hard-coded. The sqs module is
    # called with name = "sns" and environment = "test", so confirm that the
    # queue it creates is really named "sqs-test".
    resources = [
      format("arn:aws:sqs:eu-west-1:%s:sqs-test", data.aws_caller_identity.current.account_id)
    ]
  }
}

##-----------------------------------------------------------------------------
## SNS module call.
##-----------------------------------------------------------------------------
# Complete example: APNS platform, SMS preferences and a topic, with a delivery
# policy read from disk and a topic policy rendered by the data source below.
module "sns" {
  source = "./../../../"

  name                  = local.name
  environment           = local.environment
  platform              = "APNS"
  enable_sms_preference = true
  enable_topic          = true
  # NOTE(review): both values point at PEM files committed under
  # examples/certificates. A private key in version control has to be treated
  # as public; keep real APNS credentials out of the repository.
  # They are path strings, unlike delivery_policy, which is read with file() -
  # confirm against main.tf that the module reads the files itself.
  key             = "../../certificates/private_key.pem"
  certificate     = "../../certificates/cert.pem"
  delivery_policy = file("../../_json/delivery_policy.json")
  policy          = data.aws_iam_policy_document.sns-topic-policy.json
}

# Topic policy passed to the sns module. The policy_id and sid values appear to
# follow the naming of the default SNS topic policy.
data "aws_iam_policy_document" "sns-topic-policy" {
  policy_id = "__default_policy_ID"
  statement {
    # Includes administrative actions (SetTopicAttributes, DeleteTopic,
    # AddPermission, RemovePermission) alongside Publish and Subscribe.
    actions = [
      "SNS:Subscribe",
      "SNS:SetTopicAttributes",
      "SNS:RemovePermission",
      "SNS:Receive",
      "SNS:Publish",
      "SNS:ListSubscriptionsByTopic",
      "SNS:GetTopicAttributes",
      "SNS:DeleteTopic",
      "SNS:AddPermission",
    ]
    # This condition is the only thing narrowing the wildcard principal below:
    # it requires AWS:SourceOwner to equal the current account ID. Dropping or
    # loosening it would leave every listed action open to any AWS principal.
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"

      values = [
        data.aws_caller_identity.current.account_id,
      ]
    }
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    # NOTE(review): "app/APNS/sns-test" looks like a platform-application ARN
    # rather than a topic ARN; confirm it matches the resource this policy is
    # attached to.
    resources = [
      format("arn:aws:sns:eu-west-1:%s:app/APNS/sns-test", data.aws_caller_identity.current.account_id)
    ]
    sid = "__default_statement_ID"
  }
}

--------------------------------------------------------------------------------
/examples/APNS/complete/outputs.tf:
--------------------------------------------------------------------------------
# Re-exports the module's `arn` output; the [*] splat yields a list value.
output "arn" {
  value       = module.sns[*].arn
  description = "The ARN of the SNS platform application."
}

# ARN reported by the sqs module.
output "sqs-arn" {
  value       = module.sqs.arn
  description = "The ARN of the SQS queue."
}

--------------------------------------------------------------------------------
/examples/APNS/complete/versions.tf:
--------------------------------------------------------------------------------
# Terraform version
# Only lower bounds (>=) are set, so any newer Terraform or AWS provider
# release, including a new major version, satisfies these constraints.
terraform {
  required_version = ">= 1.6.6"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.31.0"
    }
  }
}

--------------------------------------------------------------------------------
/examples/APNS/text/example.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "eu-west-1"
}

locals {
  name        = "text"
  environment = "test"
}

##-----------------------------------------------------------------------------
## SNS module call.
##-----------------------------------------------------------------------------
# SMS ("text") example: although it lives under examples/APNS, this call sets
# only SMS preference inputs; no platform, key or topic input is passed.
module "sns" {
  source = "./../../../"

  name                  = local.name
  environment           = local.environment
  enable_sms_preference = true
  # docs/io.md lists monthly_spend_limit and
  # delivery_status_success_sampling_rate as `number`; the quoted values here
  # rely on Terraform's automatic string-to-number conversion.
  # monthly_spend_limit is documented as the monthly maximum in USD for
  # sending SMS messages.
  monthly_spend_limit = "1"

  delivery_status_success_sampling_rate = "50"
  default_sender_id                     = "test"
  default_sms_type                      = "Transactional"
}

--------------------------------------------------------------------------------
/examples/APNS/text/outputs.tf:
--------------------------------------------------------------------------------
# Re-exports the module's `arn` output; the [*] splat yields a list value.
output "arn" {
  value       = module.sns[*].arn
  description = "The ARN of the SNS platform application."
}

--------------------------------------------------------------------------------
/examples/APNS/text/versions.tf:
--------------------------------------------------------------------------------
# Terraform version
# Only lower bounds (>=) are set, so any newer Terraform or AWS provider
# release, including a new major version, satisfies these constraints.
terraform {
  required_version = ">= 1.6.6"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.31.0"
    }
  }
}

--------------------------------------------------------------------------------
/examples/GCM/example.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = "eu-west-1"
}

locals {
  name        = "sns"
  environment = "test"
}

##-----------------------------------------------------------------------------
## SNS module call.
##-----------------------------------------------------------------------------
# GCM example: calls the module at the repository root with enable_sns = true
# and platform = "GCM".
module "sns" {
  source = "./../../"

  name        = local.name
  environment = local.environment
  enable_sns  = true
  platform    = "GCM"
  # NOTE(review): the GCM key is written as a literal in source. A credential
  # committed to a repository should be treated as exposed (rotate it if it was
  # ever live). Pass it through a variable marked `sensitive` or read it from a
  # secret store instead of hard-coding it in the example.
  gcm_key = "AAAA8TYQCtc:APesgdrthyujioyhtgfds4icP_6Kyz3OT2Ms1cbJZDOq3AkCAt5tNpNE0g3oUQBdind1g7891cdrVAxbOmzL3XRd0ktgkFne2OwI7pC5an877XcBNQiHPMHT7dN7TykI2o6O2K"
}

--------------------------------------------------------------------------------
/examples/GCM/outputs.tf:
--------------------------------------------------------------------------------
# Re-exports the module's `arn` output; the [*] splat yields a list value.
output "arn" {
  value       = module.sns[*].arn
  description = "The ARN of the SNS platform application."
}

--------------------------------------------------------------------------------
/examples/GCM/versions.tf:
--------------------------------------------------------------------------------
# Terraform version
# Only lower bounds (>=) are set, so any newer Terraform or AWS provider
# release, including a new major version, satisfies these constraints.
terraform {
  required_version = ">= 1.6.6"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.31.0"
    }
  }
}

--------------------------------------------------------------------------------
/examples/_json/delivery_policy.json:
--------------------------------------------------------------------------------
{
  "http": {
    "defaultHealthyRetryPolicy": {
      "minDelayTarget": 20,
      "maxDelayTarget": 20,
      "numRetries": 3,
      "numMaxDelayRetries": 0,
      "numNoDelayRetries": 0,
      "numMinDelayRetries": 0,
      "backoffFunction": "linear"
    },
    "disableSubscriptionOverrides": false,
    "defaultThrottlePolicy": {
      "maxReceivesPerSecond": 1
    }
  }
}

--------------------------------------------------------------------------------
/examples/certificates/cert.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE----- 2 | MIIGUzCCBTugAwIBAgIIR8SqVoomgjIwDQYJKoZIhvcNAQELBQAwgZYxCzAJBgNV 3 |
BAYTAlVTMRMwEQYDVQQKDApBcHBsZSBJbmMuMSwwKgYDVQQLDCNBcHBsZSBXb3Js 4 | ZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9uczFEMEIGA1UEAww7QXBwbGUgV29ybGR3 5 | aWRlIERldmVsb3BlciBSZWxhdGlvbnMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw 6 | HhcNMTkwNTIzMDUwODQwWhcNMjAwNjIxMDUwODQwWjCBtzEoMCYGCgmSJomT8ixk 7 | AQEMGGNvbS5pbmZsdWVuY2VidXNpbmVzcy5kdDE2MDQGA1UEAwwtQXBwbGUgUHVz 8 | aCBTZXJ2aWNlczogY29tLmluZmx1ZW5jZWJ1c2luZXNzLmR0MRMwEQYDVQQLDApZ 9 | Qkw2NDdKUlk2MTEwLwYDVQQKDChZZWxsb3cgT2JqZWN0cyBTb2x1dGlvbnMgUHJp 10 | dmF0ZSBMaW1pdGVkMQswCQYDVQQGEwJJTjCCASIwDQYJKoZIhvcNAQEBBQADggEP 11 | ADCCAQoCggEBAKLunx2ZvUUEd03yUPw2LIid5ftxzlhKwpKzVyAVzAXjVscz/6lh 12 | 4gBPwzM3SGEGjKhbfxgP9TPLhzXskoTiN+rcASHL8f38RVm6J7Vaa0omRN6+zuiy 13 | tuQH1JVf5+kYh9NPZwjNtVFZB7VoPLrVf0UTy1Z+jwS/r76B31SWAQy4ZeWXXzax 14 | rKT3v/kflnewCgWzSYcmexKcOJorRjpYnGpS+Tu9mCYGcTMCQn1FbMb+zn3v1mX7 15 | S1lUCG9CHkXZGqW4ZvOvzJBJoECq90myzB+gOPJS3+74HpwGO0RR2ANRXqKzwTi+ 16 | DpCk8vLkc/Alnjuvy0Hbp63ewzTxEcIGIccCAwEAAaOCAoAwggJ8MAwGA1UdEwEB 17 | /wQCMAAwHwYDVR0jBBgwFoAUiCcXCam2GGCL7Ou69kdZxVJUo7cwggEcBgNVHSAE 18 | ggETMIIBDzCCAQsGCSqGSIb3Y2QFATCB/TCBwwYIKwYBBQUHAgIwgbYMgbNSZWxp 19 | YW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFj 20 | Y2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBh 21 | bmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2Vy 22 | dGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA1BggrBgEFBQcCARYpaHR0 23 | cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkwEwYDVR0lBAww 24 | CgYIKwYBBQUHAwIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL2NybC5hcHBsZS5j 25 | b20vd3dkcmNhLmNybDAdBgNVHQ4EFgQUPcvKa+SW/7cgcauTcNhUhse6qcowDgYD 26 | VR0PAQH/BAQDAgeAMBAGCiqGSIb3Y2QGAwEEAgUAMBAGCiqGSIb3Y2QGAwIEAgUA 27 | MIGQBgoqhkiG92NkBgMGBIGBMH8MGGNvbS5pbmZsdWVuY2VidXNpbmVzcy5kdDAF 28 | DANhcHAMHWNvbS5pbmZsdWVuY2VidXNpbmVzcy5kdC52b2lwMAYMBHZvaXAMJWNv 29 | bS5pbmZsdWVuY2VidXNpbmVzcy5kdC5jb21wbGljYXRpb24wDgwMY29tcGxpY2F0 30 | aW9uMA0GCSqGSIb3DQEBCwUAA4IBAQCG/QH6BfiO8uP7lmSpp7MXff3drNMe/nzK 31 | 
pGBNVT8Cl9jud7CwegmAeX9nd/9PbFqAoldHLjWOzCb2y7kgeVbksGEUeJ9iDAUM 32 | EWZHRUDfWfWp1s44lnCzsHJIux2tpsvoooNCWxUNCMBt2sk1RharNB5RuxYIpY+v 33 | cltaZc4hkV7iDH1WhZ4Akq3M1kApBp7dKA76ZqjIkl9exkvtuKXLPsTvSXCyPMNv 34 | rE92zd7+yVXGnArUL4tX4fATrO4zTIWGgcryO/2/T0WT/TjYR6wybMCnMeT0X096 35 | 7wUKI1vgafMPgWpc5ZTW1C5Xi+fbcwV89lm41Qik4+J4IuVOxfzj 36 | -----END CERTIFICATE----- 37 | -------------------------------------------------------------------------------- /examples/certificates/private_key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCi7p8dmb1FBHdN 3 | 8lD8NiyIneX7cc5YSsKSs1cgFcwF41bHM/+pYeIAT8MzN0hhBoyoW38YD/Uzy4c1 4 | 7JKE4jfq3AEhy/H9/EVZuie1WmtKJkTevs7osrbkB9SVX+fpGIfTT2cIzbVRWQe1 5 | aDy61X9FE8tWfo8Ev6++gd9UlgEMuGXll182sayk97/5H5Z3sAoFs0mHJnsSnDia 6 | K0Y6WJxqUvk7vZgmBnEzAkJ9RWzG/s5979Zl+0tZVAhvQh5F2RqluGbzr8yQSaBA 7 | qvdJsswfoDjyUt/u+B6cBjtEUdgDUV6is8E4vg6QpPLy5HPwJZ47r8tB26et3sM0 8 | 8RHCBiHHAgMBAAECggEAd/ywsvTQHK6QSZfEqigfHbDieAy0f/L2XWCzLc6/hCqK 9 | coLJqWyLKd2Ti/kPVVykYyuWahr+YVlmRoDk2fVaZpwEPWZa3MdWLyDXM0fWMTID 10 | j+IGr/lElKNrm2GYgOFuzV/xKduLxs+AzMhpyNGHO1C7cwQawM2FWA9+b2VUeo94 11 | noSwJgiGbJeC2zzziCnwJvEpQ8Rd10yitc1uCMU4dQ5u290zOR/qNnvwqAx2I0P2 12 | L7rnpjckWVcMkx5bQq9CE7sqAnxjmErKAVDFRpXnfAJheZfP9pQ/Lh6YNC2Ih4Up 13 | Bb5TGVsjzyETsV08SPJQqPB/GAtcMaNwDXc+Gcu66QKBgQDRJkj6v7oeYEcZfQfS 14 | xMipugiZcCpXmwie1VSQrFUjY9UckEd/4ucONekq9Maig2g5qcP+z6GUJmvXaRNw 15 | rIYBWhvyJ2J5056wX1MWEYzuqgRPHNr7Gs8L/g5tlQ+b1tnoE/mcrOlh+Ea+wJWp 16 | dZgvKn4ybWgbyceJX7xxD0yT7QKBgQDHbf145fMy0Rgr4LtVXTX5IM58OvXe+DKB 17 | hVBj2MEzMs81b2aXBZ0Rz1vFavc9DMSeumslhxHoodEyrEJocmo/dwZ8E86KQ4bZ 18 | uqOjNIjlOwo9WuPzEu4Yh4WBXNeltQmPoZ58tHMYkUba/gTG6c0SPxMpMX8Xs3Eh 19 | LzT1eeE+AwKBgB8X0PuuKy4+4/MPGm2kIazR4ltlSHYzryllz6eeZx3WxqTzch26 20 | Dt2W+C4Rq8IXRRRlf6TPG1daCuhAT8qNa3KiAcuTPVmdM1dHJKQAQfJtRiy4vnlc 21 | N/GxeFWkNmjVnRmadp5rOlr9PQ84tEc4G0LPz2kRyMtwyQBMQkiQnLLVAoGAe6ii 22 | 
/B0xwLfQkhyGbHcgqXqDLprsrDYgMxmz8EWN/q4pt8t8xHYxn8KA+BfMeGl7XaTg 23 | HWP0Ydg8vHv9rYAMi4/FUJiDgE5Axq8pGmDP5bvHLKY4JBf/1Ovrh3xHJzPrWslv 24 | WYoWuAwU8GOEGMcOZpr/yZIsaUjWBCqeXvwVA3sCgYEAxhQp7Xj9kOJPquqeM3NF 25 | Hg1EFJixchJy0gEN9P5HL+xja1j8eOmQzUZKYNcQ2u+LuQZR66QGEpbJLeDME27Z 26 | FCOnD+hBdX6Gygi6HBFCk5MizRJ0Yh7abvTcrcf+jjtv1KOnykNDxgAIv2f5SFjP 27 | sYrQMXxPTXmLwExfLGFWZdA= 28 | -----END PRIVATE KEY----- 29 | -------------------------------------------------------------------------------- /examples/sns_topic/example.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = "eu-west-1" 3 | } 4 | 5 | locals { 6 | name = "sqs" 7 | environment = "test" 8 | } 9 | 10 | ##----------------------------------------------------------------------------- 11 | ## SNS module call. 12 | ##----------------------------------------------------------------------------- 13 | module "sns" { 14 | source = "./../../" 15 | 16 | name = local.name 17 | environment = local.environment 18 | enable_topic = true 19 | 20 | subscribers = { 21 | newrelic = { 22 | protocol = "https" 23 | endpoint = "https://example.com" 24 | endpoint_auto_confirms = false 25 | raw_message_delivery = true 26 | filter_policy = "" 27 | delivery_policy = "" 28 | confirmation_timeout_in_minutes = "60" 29 | }, 30 | sms = { 31 | protocol = "sms" 32 | endpoint = "+9198xxxxxx" 33 | endpoint_auto_confirms = false 34 | raw_message_delivery = false 35 | filter_policy = "" 36 | delivery_policy = "" 37 | confirmation_timeout_in_minutes = "60" 38 | }, 39 | 40 | } 41 | 42 | data_protection_policy = jsonencode( 43 | { 44 | Description = "Deny Inbound Address" 45 | Name = "DenyInboundEmailAdressPolicy" 46 | Statement = [ 47 | { 48 | "DataDirection" = "Inbound" 49 | "DataIdentifier" = [ 50 | "arn:aws:dataprotection::aws:data-identifier/EmailAddress", 51 | ] 52 | "Operation" = { 53 | "Deny" = {} 54 | } 55 | "Principal" = [ 56 | "*", 57 | ] 58 | "Sid" = "DenyInboundEmailAddress" 
59 | }, 60 | ] 61 | Version = "2021-06-01" 62 | } 63 | ) 64 | } 65 | -------------------------------------------------------------------------------- /examples/sns_topic/outputs.tf: -------------------------------------------------------------------------------- 1 | output "arn" { 2 | value = module.sns[*].topic-arn 3 | description = "The ARN of the SNS platform application." 4 | } 5 | -------------------------------------------------------------------------------- /examples/sns_topic/versions.tf: -------------------------------------------------------------------------------- 1 | # Terraform version 2 | terraform { 3 | required_version = ">= 1.6.6" 4 | 5 | required_providers { 6 | aws = { 7 | source = "hashicorp/aws" 8 | version = ">= 5.31.0" 9 | } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /main.tf: -------------------------------------------------------------------------------- 1 | data "aws_caller_identity" "current" {} 2 | 3 | ##----------------------------------------------------------------------------- 4 | ## Labels module callled that will be used for naming and tags. 5 | ##----------------------------------------------------------------------------- 6 | module "labels" { 7 | source = "clouddrove/labels/aws" 8 | version = "1.3.0" 9 | name = var.name 10 | repository = var.repository 11 | environment = var.environment 12 | managedby = var.managedby 13 | label_order = var.label_order 14 | } 15 | 16 | ##----------------------------------------------------------------------------- 17 | ## Creates a platform application object for one of the supported push notification services, such as APNS and GCM (Firebase Cloud Messaging), to which devices and mobile apps may register. 18 | ##----------------------------------------------------------------------------- 19 | resource "aws_sns_platform_application" "default" { 20 | count = var.enabled && var.enable_sns ? 
1 : 0 21 | name = module.labels.id 22 | platform = var.platform 23 | platform_credential = length(var.gcm_key) > 0 ? var.gcm_key : file(var.key) # gcm_key is used when non-empty; otherwise the credential is read from the file at var.key 24 | platform_principal = length(var.gcm_key) > 0 ? var.gcm_key : file(var.certificate) # NOTE(review): with gcm_key set, the same secret is also passed as the principal - confirm GCM needs a principal at all 25 | event_delivery_failure_topic_arn = var.event_delivery_failure_topic_arn 26 | event_endpoint_created_topic_arn = var.event_endpoint_created_topic_arn 27 | event_endpoint_deleted_topic_arn = var.event_endpoint_deleted_topic_arn 28 | event_endpoint_updated_topic_arn = var.event_endpoint_updated_topic_arn 29 | failure_feedback_role_arn = var.failure_feedback_role_arn 30 | success_feedback_role_arn = var.success_feedback_role_arn 31 | success_feedback_sample_rate = var.success_feedback_sample_rate 32 | } 33 | 34 | ##----------------------------------------------------------------------------- 35 | ## Amazon Simple Notification Service (Amazon SNS) coordinates and manages the delivery or sending of messages to subscribing endpoints or clients. Encryption at rest is configured only through var.kms_master_key_id; the tfsec topic-encryption check is suppressed just below, so a topic created without a key is not reported by the scan. 36 | ##----------------------------------------------------------------------------- 37 | #tfsec:ignore:aws-sns-enable-topic-encryption 38 | resource "aws_sns_topic" "default" { 39 | count = var.enabled && var.enable_topic ?
1 : 0 40 | name = module.labels.id 41 | display_name = var.display_name 42 | policy = var.policy 43 | delivery_policy = var.delivery_policy 44 | application_success_feedback_role_arn = var.application_success_feedback_role_arn 45 | application_success_feedback_sample_rate = var.application_success_feedback_sample_rate 46 | application_failure_feedback_role_arn = var.application_failure_feedback_role_arn 47 | http_success_feedback_role_arn = var.http_success_feedback_role_arn 48 | http_success_feedback_sample_rate = var.http_success_feedback_sample_rate 49 | http_failure_feedback_role_arn = var.http_failure_feedback_role_arn 50 | kms_master_key_id = var.kms_master_key_id # defaults to "" in variables.tf; callers set it to encrypt the topic at rest 51 | lambda_success_feedback_role_arn = var.lambda_success_feedback_role_arn 52 | lambda_success_feedback_sample_rate = var.lambda_success_feedback_sample_rate 53 | lambda_failure_feedback_role_arn = var.lambda_failure_feedback_role_arn 54 | sqs_success_feedback_role_arn = var.sqs_success_feedback_role_arn 55 | sqs_success_feedback_sample_rate = var.sqs_success_feedback_sample_rate 56 | sqs_failure_feedback_role_arn = var.sqs_failure_feedback_role_arn 57 | content_based_deduplication = var.content_based_deduplication 58 | fifo_topic = var.fifo_topic 59 | signature_version = var.fifo_topic ? null : var.signature_version # passed as null when fifo_topic is true 60 | tracing_config = var.tracing_config 61 | tags = module.labels.tags 62 | } 63 | 64 | ##----------------------------------------------------------------------------- 65 | ## Provides a resource for subscribing to SNS topics. Requires that an SNS topic exist for the subscription to attach to.
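66 | ##----------------------------------------------------------------------------- 67 | resource "aws_sns_topic_subscription" "this" { 68 | for_each = { for k, v in var.subscribers : k => v if var.enabled && var.enable_topic } # no topic means no subscriptions; topic_arn would otherwise be "" 69 | topic_arn = join("", aws_sns_topic.default[*].arn) 70 | protocol = each.value.protocol 71 | endpoint = each.value.endpoint 72 | endpoint_auto_confirms = each.value.endpoint_auto_confirms 73 | raw_message_delivery = each.value.raw_message_delivery 74 | filter_policy = each.value.filter_policy 75 | delivery_policy = each.value.delivery_policy 76 | confirmation_timeout_in_minutes = each.value.confirmation_timeout_in_minutes 77 | } 78 | 79 | ##----------------------------------------------------------------------------- 80 | ## Provides a way to set SNS SMS preferences. Created when var.enabled and var.enable_sms_preference are both true. 81 | ##----------------------------------------------------------------------------- 82 | resource "aws_sns_sms_preferences" "default" { 83 | count = var.enabled && var.enable_sms_preference ? 1 : 0 84 | monthly_spend_limit = var.monthly_spend_limit 85 | delivery_status_iam_role_arn = var.delivery_status_iam_role_arn 86 | delivery_status_success_sampling_rate = var.delivery_status_success_sampling_rate 87 | default_sender_id = var.default_sender_id 88 | default_sms_type = var.default_sms_type 89 | usage_report_s3_bucket = var.usage_report_s3_bucket 90 | } 91 | 92 | ##----------------------------------------------------------------------------- 93 | ## Provides an SNS topic policy resource. Created only together with the topic, because it indexes aws_sns_topic.default[0]; without the enable_topic guard a platform-application-only configuration fails with an invalid index. 94 | ##----------------------------------------------------------------------------- 95 | resource "aws_sns_topic_policy" "this" { 96 | count = var.enabled && var.enable_topic && var.create_topic_policy ? 1 : 0 97 | arn = aws_sns_topic.default[0].arn 98 | policy = data.aws_iam_policy_document.this[0].json 99 | } 100 | 101 | data "aws_iam_policy_document" "this" { # document attached by aws_sns_topic_policy.this; same guard as that resource 102 | count = var.enabled && var.enable_topic && var.create_topic_policy ?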
1 : 0 103 | 104 | source_policy_documents = var.source_topic_policy_documents 105 | override_policy_documents = var.override_topic_policy_documents 106 | 107 | dynamic "statement" { 108 | for_each = var.enable_default_topic_policy ? [1] : [] # emitted once when enable_default_topic_policy is true 109 | 110 | content { 111 | sid = "__default_statement_ID" 112 | actions = [ 113 | "sns:Subscribe", 114 | "sns:SetTopicAttributes", 115 | "sns:RemovePermission", 116 | "sns:Publish", 117 | "sns:ListSubscriptionsByTopic", 118 | "sns:GetTopicAttributes", 119 | "sns:DeleteTopic", 120 | "sns:AddPermission", 121 | ] 122 | effect = "Allow" 123 | resources = [aws_sns_topic.default[0].arn] 124 | 125 | principals { 126 | type = "AWS" 127 | identifiers = ["*"] # wildcard principal; the only restriction on this statement is the condition below 128 | } 129 | 130 | condition { 131 | test = "StringEquals" 132 | values = [data.aws_caller_identity.current.account_id] 133 | variable = "AWS:SourceOwner" # must equal the account ID of the caller running Terraform 134 | } 135 | } 136 | } 137 | 138 | dynamic "statement" { 139 | for_each = var.topic_policy_statements # caller-supplied statements; principals and conditions are added only if the caller provides them 140 | 141 | content { 142 | sid = try(statement.value.sid, statement.key) 143 | actions = try(statement.value.actions, null) 144 | not_actions = try(statement.value.not_actions, null) 145 | effect = try(statement.value.effect, null) 146 | # Defaulting to the topic ARN avoids a chicken-and-egg problem: the document is built inside the module, so it can reference the topic directly 147 | resources = try(statement.value.resources, [aws_sns_topic.default[0].arn]) 148 | not_resources = try(statement.value.not_resources, null) 149 | 150 | dynamic "principals" { 151 | for_each = try(statement.value.principals, []) 152 | 153 | content { 154 | type = principals.value.type 155 | identifiers = principals.value.identifiers 156 | } 157 | } 158 | 159 | dynamic "not_principals" { 160 | for_each = try(statement.value.not_principals, []) 161 | 162 | content { 163 | type = not_principals.value.type 164 | identifiers = not_principals.value.identifiers 165 | } 166 | } 167 | 168 | dynamic "condition" { 169 | for_each = try(statement.value.conditions, []) 170 | 171 | content { 172 | test =
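condition.value.test 173 | values = condition.value.values 174 | variable = condition.value.variable 175 | } 176 | } 177 | } 178 | } 179 | } 180 | 181 | resource "aws_sns_topic_data_protection_policy" "this" { # attaches var.data_protection_policy (a JSON string) to the topic 182 | count = var.enabled && var.enable_topic && var.data_protection_policy != null && !var.fifo_topic ? 1 : 0 # needs the topic (indexes default[0]); skipped for FIFO topics 183 | arn = aws_sns_topic.default[0].arn 184 | policy = var.data_protection_policy 185 | } 186 | -------------------------------------------------------------------------------- /outputs.tf: -------------------------------------------------------------------------------- 1 | # Module : SNS Module 2 | # Description : Terraform SNS module outputs. Each value is "" when the corresponding resource is not created (join over an empty splat). 3 | output "id" { 4 | value = join("", aws_sns_platform_application.default[*].id) 5 | description = "The ID of the SNS platform application." 6 | } 7 | 8 | output "arn" { 9 | value = join("", aws_sns_platform_application.default[*].arn) 10 | description = "The ARN of the SNS platform application." 11 | } 12 | 13 | output "topic-id" { 14 | value = join("", aws_sns_topic.default[*].id) 15 | description = "The ID of the SNS topic." 16 | } 17 | 18 | output "topic-arn" { 19 | value = join("", aws_sns_topic.default[*].arn) 20 | description = "The ARN of the SNS topic." 21 | } 22 | -------------------------------------------------------------------------------- /variables.tf: -------------------------------------------------------------------------------- 1 | #Module : LABEL 2 | #Description : Terraform label module variables 3 | variable "name" { 4 | type = string 5 | default = "" 6 | description = "Name (e.g. `app` or `cluster`)." 7 | } 8 | 9 | variable "repository" { 10 | type = string 11 | default = "https://github.com/clouddrove/terraform-aws-sns" 12 | description = "Terraform current module repo" 13 | } 14 | 15 | variable "environment" { 16 | type = string 17 | default = "" 18 | description = "Environment (e.g. `prod`, `dev`, `staging`)."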
19 | } 20 | 21 | variable "label_order" { 22 | type = list(any) 23 | default = ["name", "environment"] 24 | description = "Label order, e.g. `name`,`application`." 25 | } 26 | 27 | variable "managedby" { 28 | type = string 29 | default = "hello@clouddrove.com" 30 | description = "ManagedBy, eg 'CloudDrove'." 31 | } 32 | 33 | # Module : SNS Module 34 | # Description : Terraform SNS module variables 35 | variable "enabled" { 36 | type = bool 37 | default = true 38 | description = "Boolean indicating whether or not to create sns module." 39 | } 40 | 41 | variable "platform" { 42 | type = string 43 | default = "" 44 | description = "The platform that the app is registered with. See Platform for supported platforms like 'APNS' 'GCM'." 45 | } 46 | 47 | variable "key" { # main.tf passes this to file(), so it is the path to the credential file, not the credential itself 48 | type = string 49 | default = "" 50 | description = "Application Platform credential. See Credential for type of credential required for platform. The value of this attribute when stored into the Terraform state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources." 51 | } 52 | variable "gcm_key" { # used verbatim as the platform credential when non-empty (see main.tf); the only secret-bearing input here, hence sensitive 53 | type = string 54 | default = "" 55 | description = "Application Platform credential. See Credential for type of credential required for platform. The value of this attribute when stored into the Terraform state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources." 56 | sensitive = true 57 | } 58 | 59 | variable "certificate" { # main.tf passes this to file(), so it is the path to the certificate file 60 | type = string 61 | default = "" 62 | description = "application Platform principal. See Principal for type of principal required for platform. The value of this attribute when stored into the Terraform state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources."
63 | } 64 | 65 | variable "event_delivery_failure_topic_arn" { 66 | type = string 67 | default = "" 68 | description = "SNS Topic triggered when a delivery to any of the platform endpoints associated with your platform application encounters a permanent failure." 69 | } 70 | 71 | variable "event_endpoint_created_topic_arn" { 72 | type = string 73 | default = "" 74 | description = "SNS Topic triggered when a new platform endpoint is added to your platform application." 75 | } 76 | 77 | variable "event_endpoint_deleted_topic_arn" { 78 | type = string 79 | default = "" 80 | description = "SNS Topic triggered when an existing platform endpoint is deleted from your platform application." 81 | } 82 | 83 | variable "event_endpoint_updated_topic_arn" { 84 | type = string 85 | default = "" 86 | description = "SNS Topic triggered when an existing platform endpoint is changed from your platform application." 87 | } 88 | 89 | variable "failure_feedback_role_arn" { 90 | type = string 91 | default = "" 92 | description = "The IAM role permitted to receive failure feedback for this application." 93 | } 94 | 95 | variable "success_feedback_role_arn" { 96 | type = string 97 | default = "" 98 | description = "The IAM role permitted to receive success feedback for this application." 99 | sensitive = true 100 | } 101 | 102 | variable "success_feedback_sample_rate" { 103 | type = number 104 | default = 100 105 | description = "The percentage of success to sample (0-100)." 106 | } 107 | 108 | variable "display_name" { 109 | type = string 110 | default = "" 111 | description = "The display name for the SNS topic." 112 | } 113 | 114 | variable "policy" { 115 | type = string 116 | default = "" 117 | description = "The fully-formed AWS policy as JSON. For more information about building AWS IAM policy documents with Terraform." 118 | } 119 | 120 | variable "delivery_policy" { 121 | type = string 122 | default = null 123 | description = "The SNS delivery policy." 
124 | } 125 | 126 | variable "application_success_feedback_role_arn" { 127 | type = string 128 | default = "" 129 | description = "The IAM role permitted to receive success feedback for this topic." 130 | } 131 | 132 | variable "application_success_feedback_sample_rate" { 133 | type = number 134 | default = 100 135 | description = "Percentage of success to sample." 136 | } 137 | 138 | variable "application_failure_feedback_role_arn" { 139 | type = string 140 | default = "" 141 | description = "IAM role for failure feedback." 142 | } 143 | 144 | variable "http_success_feedback_role_arn" { 145 | type = string 146 | default = "" 147 | description = "The IAM role permitted to receive success feedback for this topic." 148 | sensitive = true 149 | } 150 | 151 | variable "http_success_feedback_sample_rate" { 152 | type = number 153 | default = 100 154 | description = "Percentage of success to sample." 155 | } 156 | 157 | variable "http_failure_feedback_role_arn" { 158 | type = string 159 | default = "" 160 | description = "IAM role for failure feedback." 161 | } 162 | 163 | variable "kms_master_key_id" { 164 | type = string 165 | default = "" 166 | description = "The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information." 167 | } 168 | 169 | variable "lambda_success_feedback_role_arn" { 170 | type = string 171 | default = "" 172 | description = "The IAM role permitted to receive success feedback for this topic." 173 | } 174 | 175 | variable "lambda_success_feedback_sample_rate" { 176 | type = number 177 | default = 100 178 | description = "Percentage of success to sample." 179 | } 180 | 181 | variable "lambda_failure_feedback_role_arn" { 182 | type = string 183 | default = "" 184 | description = "IAM role for failure feedback." 185 | } 186 | 187 | variable "sqs_success_feedback_role_arn" { 188 | type = string 189 | default = "" 190 | description = "The IAM role permitted to receive success feedback for this topic." 
191 | } 192 | 193 | variable "sqs_success_feedback_sample_rate" { 194 | type = number 195 | default = 100 196 | description = "Percentage of success to sample." 197 | } 198 | 199 | variable "sqs_failure_feedback_role_arn" { 200 | type = string 201 | default = "" 202 | description = "IAM role for failure feedback." 203 | } 204 | 205 | variable "enable_sms_preference" { 206 | type = bool 207 | default = false 208 | description = "Boolean indicating whether or not to update SNS SMS Preference." 209 | } 210 | 211 | variable "enable_topic" { 212 | type = bool 213 | default = false 214 | description = "Boolean indicating whether or not to create topic." 215 | } 216 | 217 | variable "enable_sns" { 218 | type = bool 219 | default = false 220 | description = "Boolean indicating whether or not to create sns." 221 | } 222 | 223 | variable "monthly_spend_limit" { 224 | type = number 225 | default = 1 226 | description = "The maximum amount in USD that you are willing to spend each month to send SMS messages." 227 | } 228 | 229 | variable "delivery_status_iam_role_arn" { 230 | type = string 231 | default = "" 232 | description = "The ARN of the IAM role that allows Amazon SNS to write logs about SMS deliveries in CloudWatch Logs." 233 | sensitive = true 234 | } 235 | 236 | variable "delivery_status_success_sampling_rate" { 237 | type = number 238 | default = 50 239 | description = "The percentage of successful SMS deliveries for which Amazon SNS will write logs in CloudWatch Logs. The value must be between 0 and 100." 240 | } 241 | 242 | variable "default_sender_id" { 243 | type = string 244 | default = "" 245 | description = "A string, such as your business brand, that is displayed as the sender on the receiving device." 246 | } 247 | 248 | variable "default_sms_type" { 249 | type = string 250 | default = "Transactional" 251 | description = "The type of SMS message that you will send by default. Possible values are: Promotional, Transactional." 
252 | } 253 | 254 | variable "usage_report_s3_bucket" { 255 | type = string 256 | default = "" 257 | description = "The name of the Amazon S3 bucket to receive daily SMS usage reports from Amazon SNS." 258 | } 259 | 260 | variable "subscribers" { 261 | type = map(object({ 262 | protocol = string 263 | # The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially supported, see below) (email is an option but is unsupported, see below). 264 | endpoint = string 265 | # The endpoint to send data to, the contents will vary with the protocol. (see below for more information) 266 | endpoint_auto_confirms = bool 267 | # Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty (default is false) 268 | raw_message_delivery = bool 269 | # Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property) (default is false) 270 | filter_policy = string 271 | # JSON String with the filter policy that will be used in the subscription to filter messages seen by the target resource. 272 | delivery_policy = string 273 | # The SNS delivery policy 274 | confirmation_timeout_in_minutes = string 275 | # Integer indicating number of minutes to wait in retying mode for fetching subscription arn before marking it as failure. Only applicable for http and https protocols. 276 | })) 277 | description = "Required configuration for subscibres to SNS topic." 278 | default = {} 279 | } 280 | 281 | variable "content_based_deduplication" { 282 | type = bool 283 | default = false 284 | description = "Boolean indicating whether or not to enable content-based deduplication for FIFO topics." 285 | } 286 | 287 | variable "signature_version" { 288 | type = number 289 | default = null 290 | description = "If SignatureVersion should be 1 (SHA1) or 2 (SHA256). 
The signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS." 291 | } 292 | 293 | variable "tracing_config" { 294 | type = string 295 | default = null 296 | description = "Tracing mode of an Amazon SNS topic. Valid values: PassThrough, Active." 297 | } 298 | 299 | variable "create_topic_policy" { 300 | type = bool 301 | default = true 302 | description = "Determines whether an SNS topic policy is created" 303 | } 304 | 305 | variable "source_topic_policy_documents" { 306 | type = list(string) 307 | default = [] 308 | description = "List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s" 309 | } 310 | 311 | variable "override_topic_policy_documents" { 312 | type = list(string) 313 | default = [] 314 | description = "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid`" 315 | } 316 | 317 | variable "enable_default_topic_policy" { 318 | type = bool 319 | default = true 320 | description = "Specifies whether to enable the default topic policy. 
Defaults to `true`" 321 | } 322 | 323 | variable "topic_policy_statements" { 324 | type = any 325 | default = {} 326 | description = "A map of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) for custom permission usage" 327 | } 328 | 329 | variable "fifo_topic" { 330 | type = bool 331 | default = false 332 | description = "Boolean indicating whether or not to create a FIFO (first-in-first-out) topic" 333 | } 334 | 335 | variable "data_protection_policy" { 336 | type = string 337 | default = null 338 | description = "A map of data protection policy statements" 339 | } 340 | -------------------------------------------------------------------------------- /versions.tf: -------------------------------------------------------------------------------- 1 | # Terraform version 2 | terraform { 3 | required_version = ">= 1.6.6" 4 | 5 | required_providers { 6 | aws = { 7 | source = "hashicorp/aws" 8 | version = ">= 5.31.0" 9 | } 10 | } 11 | } 12 | --------------------------------------------------------------------------------