From 717c266ca28abd04db40eb7d64598d3ab789a506 Mon Sep 17 00:00:00 2001 From: vijay Date: Sun, 10 Jul 2022 09:37:38 +0530 Subject: [PATCH 01/12] add main.tf file --- terraform-aws-sns/main.tf | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 terraform-aws-sns/main.tf diff --git a/terraform-aws-sns/main.tf b/terraform-aws-sns/main.tf new file mode 100644 index 0000000..e69de29 From bca03eaeebe01095efe90b7a88fb3b3fcc7bec2c Mon Sep 17 00:00:00 2001 From: vijay Date: Sun, 10 Jul 2022 09:48:47 +0530 Subject: [PATCH 02/12] update file --- terraform-aws-sns/main.tf | 93 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) diff --git a/terraform-aws-sns/main.tf b/terraform-aws-sns/main.tf index e69de29..2a0b3dd 100644 --- a/terraform-aws-sns/main.tf +++ b/terraform-aws-sns/main.tf 
@@ -0,0 +1,93 @@ +## Managed By : S3CloudHub +## Description : This Script is used to create SNS Platform Application, SNS Topic, Topic Subscription and Sms Preferences. +## Copyright @ S3CloudHub. All Right Reserved. + +#Module : label +#Description : This terraform module is designed to generate consistent label names and +# tags for resources. You can use terraform-labels to implement a strict +# naming convention. +module "labels" { + source = "F:/Office_Work/git-clone-easyaws/Terraform-Tutorial\terraform-aws-sns" + version = "0.15.0" + + name = var.name + repository = var.repository + environment = var.environment + managedby = var.managedby + attributes = var.attributes + label_order = var.label_order +} + +#Module : SNS +#Description : Terraform module is used to setup SNS service to manage notifications on +# application. +resource "aws_sns_platform_application" "default" { + count = var.enabled && var.enable_sns ? 1 : 0 + + name = module.labels.id + platform = var.platform + platform_credential = length(var.gcm_key) > 0 ? var.gcm_key : file(var.key) + platform_principal = length(var.gcm_key) > 0 ? var.gcm_key : file(var.certificate) + event_delivery_failure_topic_arn = var.event_delivery_failure_topic_arn + event_endpoint_created_topic_arn = var.event_endpoint_created_topic_arn + event_endpoint_deleted_topic_arn = var.event_endpoint_deleted_topic_arn + event_endpoint_updated_topic_arn = var.event_endpoint_updated_topic_arn + failure_feedback_role_arn = var.failure_feedback_role_arn + success_feedback_role_arn = var.success_feedback_role_arn + success_feedback_sample_rate = var.success_feedback_sample_rate +} + +#Module : SNS TOPIC +#Description : Terraform module which creates SNS Topic resources on AWS +#tfsec:ignore:aws-sns-enable-topic-encryption +resource "aws_sns_topic" "default" { + count = var.enabled && var.enable_topic ? 
1 : 0 + + name = module.labels.id + display_name = var.display_name + policy = var.policy + delivery_policy = var.delivery_policy + application_success_feedback_role_arn = var.application_success_feedback_role_arn + application_success_feedback_sample_rate = var.application_success_feedback_sample_rate + application_failure_feedback_role_arn = var.application_failure_feedback_role_arn + http_success_feedback_role_arn = var.http_success_feedback_role_arn + http_success_feedback_sample_rate = var.http_success_feedback_sample_rate + http_failure_feedback_role_arn = var.http_failure_feedback_role_arn + kms_master_key_id = var.kms_master_key_id + lambda_success_feedback_role_arn = var.lambda_success_feedback_role_arn + lambda_success_feedback_sample_rate = var.lambda_success_feedback_sample_rate + lambda_failure_feedback_role_arn = var.lambda_failure_feedback_role_arn + sqs_success_feedback_role_arn = var.sqs_success_feedback_role_arn + sqs_success_feedback_sample_rate = var.sqs_success_feedback_sample_rate + sqs_failure_feedback_role_arn = var.sqs_failure_feedback_role_arn + tags = module.labels.tags +} + +#Module : SNS TOPIC SUBSCRIPTION +#Description : Terraform module which creates SNS Topic Subscription resources on AWS +resource "aws_sns_topic_subscription" "this" { + for_each = var.subscribers + topic_arn = join("", aws_sns_topic.default.*.arn) + protocol = var.subscribers[each.key].protocol + endpoint = var.subscribers[each.key].endpoint + endpoint_auto_confirms = var.subscribers[each.key].endpoint_auto_confirms + raw_message_delivery = var.subscribers[each.key].raw_message_delivery + filter_policy = var.subscribers[each.key].filter_policy + delivery_policy = var.subscribers[each.key].delivery_policy + confirmation_timeout_in_minutes = var.subscribers[each.key].confirmation_timeout_in_minutes + +} + + +#Module : SNS SMS Preferences +#Description : Terraform module which creates SNS SMS Preferences on AWS +resource "aws_sns_sms_preferences" "default" { + count = 
var.enabled && var.enable_sms_preference ? 1 : 0 + + monthly_spend_limit = var.monthly_spend_limit + delivery_status_iam_role_arn = var.delivery_status_iam_role_arn + delivery_status_success_sampling_rate = var.delivery_status_success_sampling_rate + default_sender_id = var.default_sender_id + default_sms_type = var.default_sms_type + usage_report_s3_bucket = var.usage_report_s3_bucket +} From f1ebb8db0ac2ca796b6629bf99612d116a5a4623 Mon Sep 17 00:00:00 2001 From: prajapatinitin393 Date: Mon, 11 Jul 2022 14:20:57 +0530 Subject: [PATCH 03/12] create module --- terraform-aws-sns/example/example.tf | 11 ++ terraform-aws-sns/example/variable.tf | 12 ++ terraform-aws-sns/main.tf | 134 ++++++++---------- terraform-aws-sns/variable.tf | 191 ++++++++++++++++++++++++++ 4 files changed, 270 insertions(+), 78 deletions(-) create mode 100644 terraform-aws-sns/example/example.tf create mode 100644 terraform-aws-sns/example/variable.tf create mode 100644 terraform-aws-sns/variable.tf diff --git a/terraform-aws-sns/example/example.tf b/terraform-aws-sns/example/example.tf new file mode 100644 index 0000000..96c8163 --- /dev/null +++ b/terraform-aws-sns/example/example.tf @@ -0,0 +1,11 @@ +provider "aws" { + region = "eu-west-1" +} + +module "sns_cloudwatch" { + source = "../" + name = "capture-aws-sign-in" + description = "Capture each AWS Console Sign In" + target_id = "SendToSNS" +} + diff --git a/terraform-aws-sns/example/variable.tf b/terraform-aws-sns/example/variable.tf new file mode 100644 index 0000000..966e0bc --- /dev/null +++ b/terraform-aws-sns/example/variable.tf @@ -0,0 +1,12 @@ +# Terraform version +terraform { + required_version = ">= 0.14.11" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 3.1.15" + } + } +} + diff --git a/terraform-aws-sns/main.tf b/terraform-aws-sns/main.tf index 2a0b3dd..be1adb6 100644 --- a/terraform-aws-sns/main.tf +++ b/terraform-aws-sns/main.tf 
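Review bot: `source = "F:/Office_Work/git-clone-easyaws/Terraform-Tutorial\terraform-aws-sns"` in `module "labels"` is a developer-local Windows path (with a literal backslash), so `terraform init` cannot resolve the labels module on any other machine, and the accompanying `version = "0.15.0"` is only accepted for registry sources, not local paths. Point it at the registry module these inputs were copied from (keeping `version`), or at a relative path with the `version` line removed. `#tfsec:ignore:aws-sns-enable-topic-encryption` on `aws_sns_topic.default` mutes the encryption finding even though `kms_master_key_id = var.kms_master_key_id` is already wired; either drop the suppression and give `var.kms_master_key_id` a key default so the topic is encrypted out of the box, or add a comment stating why it must stay unencrypted. `platform_principal = length(var.gcm_key) > 0 ? var.gcm_key : file(var.certificate)` assigns the same GCM key that `platform_credential` uses, which looks like a copy-paste; GCM needs only the credential, so that branch should probably yield `null` — confirm against the provider docs.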
@@ -1,93 +1,71 @@ -## Managed By : S3CloudHub -## Description : This Script is used to create SNS Platform Application, SNS Topic, Topic Subscription and Sms Preferences. -## Copyright @ S3CloudHub. All Right Reserved. +provider "aws" { + region = var.region +} -#Module : label -#Description : This terraform module is designed to generate consistent label names and -# tags for resources. You can use terraform-labels to implement a strict -# naming convention. -module "labels" { - source = "F:/Office_Work/git-clone-easyaws/Terraform-Tutorial\terraform-aws-sns" - version = "0.15.0" +resource "aws_cloudwatch_event_rule" "default" { + count = var.enabled == true ? 1 : 0 - name = var.name - repository = var.repository - environment = var.environment - managedby = var.managedby - attributes = var.attributes - label_order = var.label_order + name = var.name + description = var.description + event_pattern = < 0 ? var.gcm_key : file(var.key) - platform_principal = length(var.gcm_key) > 0 ? var.gcm_key : file(var.certificate) - event_delivery_failure_topic_arn = var.event_delivery_failure_topic_arn - event_endpoint_created_topic_arn = var.event_endpoint_created_topic_arn - event_endpoint_deleted_topic_arn = var.event_endpoint_deleted_topic_arn - event_endpoint_updated_topic_arn = var.event_endpoint_updated_topic_arn - failure_feedback_role_arn = var.failure_feedback_role_arn - success_feedback_role_arn = var.success_feedback_role_arn - success_feedback_sample_rate = var.success_feedback_sample_rate +resource "aws_cloudwatch_event_target" "default" { + count = var.enabled == true ? 1 : 0 + rule = aws_cloudwatch_event_rule.default.*.name[0] + target_id = var.target_id + arn = aws_sns_topic.this[count.index].arn + input_path = var.input_path != "" ? 
var.input_path : null + role_arn = var.target_role_arn } -#Module : SNS TOPIC -#Description : Terraform module which creates SNS Topic resources on AWS -#tfsec:ignore:aws-sns-enable-topic-encryption -resource "aws_sns_topic" "default" { - count = var.enabled && var.enable_topic ? 1 : 0 +resource "aws_sns_topic" "this" { + count = var.enabled ? 1 : 0 - name = module.labels.id - display_name = var.display_name - policy = var.policy - delivery_policy = var.delivery_policy - application_success_feedback_role_arn = var.application_success_feedback_role_arn - application_success_feedback_sample_rate = var.application_success_feedback_sample_rate - application_failure_feedback_role_arn = var.application_failure_feedback_role_arn - http_success_feedback_role_arn = var.http_success_feedback_role_arn - http_success_feedback_sample_rate = var.http_success_feedback_sample_rate - http_failure_feedback_role_arn = var.http_failure_feedback_role_arn - kms_master_key_id = var.kms_master_key_id - lambda_success_feedback_role_arn = var.lambda_success_feedback_role_arn - lambda_success_feedback_sample_rate = var.lambda_success_feedback_sample_rate - lambda_failure_feedback_role_arn = var.lambda_failure_feedback_role_arn - sqs_success_feedback_role_arn = var.sqs_success_feedback_role_arn - sqs_success_feedback_sample_rate = var.sqs_success_feedback_sample_rate - sqs_failure_feedback_role_arn = var.sqs_failure_feedback_role_arn - tags = module.labels.tags + name = var.snsname + display_name = var.display_name + kms_master_key_id = var.kms_master_key_id + delivery_policy = var.delivery_policy + fifo_topic = var.fifo_topic + content_based_deduplication = var.content_based_deduplication } -#Module : SNS TOPIC SUBSCRIPTION -#Description : Terraform module which creates SNS Topic Subscription resources on AWS resource "aws_sns_topic_subscription" "this" { - for_each = var.subscribers - topic_arn = join("", aws_sns_topic.default.*.arn) - protocol = var.subscribers[each.key].protocol - 
endpoint = var.subscribers[each.key].endpoint - endpoint_auto_confirms = var.subscribers[each.key].endpoint_auto_confirms - raw_message_delivery = var.subscribers[each.key].raw_message_delivery - filter_policy = var.subscribers[each.key].filter_policy - delivery_policy = var.subscribers[each.key].delivery_policy - confirmation_timeout_in_minutes = var.subscribers[each.key].confirmation_timeout_in_minutes + for_each = var.enabled ? var.subscribers : {} + topic_arn = join("", aws_sns_topic.this.*.arn) + protocol = var.subscribers[each.key].protocol + endpoint = var.subscribers[each.key].endpoint + endpoint_auto_confirms = var.subscribers[each.key].endpoint_auto_confirms + raw_message_delivery = var.subscribers[each.key].raw_message_delivery } +resource "aws_sns_topic_policy" "default" { + count = var.sns_topic_policy_enabled ? 1 : 0 -#Module : SNS SMS Preferences -#Description : Terraform module which creates SNS SMS Preferences on AWS -resource "aws_sns_sms_preferences" "default" { - count = var.enabled && var.enable_sms_preference ? 1 : 0 - - monthly_spend_limit = var.monthly_spend_limit - delivery_status_iam_role_arn = var.delivery_status_iam_role_arn - delivery_status_success_sampling_rate = var.delivery_status_success_sampling_rate - default_sender_id = var.default_sender_id - default_sms_type = var.default_sms_type - usage_report_s3_bucket = var.usage_report_s3_bucket + arn = aws_sns_topic.this[count.index].arn + policy = data.aws_iam_policy_document.sns_topic_policy[count.index].json } + +data "aws_iam_policy_document" "sns_topic_policy" { + count = var.sns_topic_policy_enabled ? 1 : 0 + statement { + effect = "Allow" + actions = ["SNS:Publish"] + + principals { + type = "Service" + identifiers = ["events.amazonaws.com"] + } + + resources = [aws_sns_topic.this[count.index].arn] + } +} \ No newline at end of file diff --git a/terraform-aws-sns/variable.tf b/terraform-aws-sns/variable.tf new file mode 100644 index 0000000..57be46f --- /dev/null 
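Review bot: `data "aws_iam_policy_document" "sns_topic_policy"` grants `SNS:Publish` to the `events.amazonaws.com` service principal with no `aws:SourceAccount`/`aws:SourceArn` condition, so EventBridge rules in any AWS account can publish to this topic (the confused-deputy pattern the SNS documentation warns about); scope it to the rule this module creates, as below. Both the policy document and `aws_sns_topic_policy.default` use `count = var.sns_topic_policy_enabled ? 1 : 0` independently of `var.enabled`, so `enabled = false` with the default `sns_topic_policy_enabled = true` indexes `aws_sns_topic.this[0]` on an empty list and fails at plan; use `count = var.enabled && var.sns_topic_policy_enabled ? 1 : 0` on both. The `provider "aws"` block at the top of the file turns this reusable module into one with an embedded provider, which Terraform rejects when the module call uses `count`/`for_each` and which complicates destroy; drop it and let the root module configure the provider. Note also that `var.kms_master_key_id` defaults to `alias/aws/sns` in variable.tf, and the AWS-managed SNS key's policy does not let `events.amazonaws.com` generate data keys, so EventBridge deliveries to the encrypted topic are likely to fail until a customer-managed key with that grant is used — verify in a test deploy. The `event_pattern` heredoc is not legible in this rendering and was not reviewed.
```hcl
data "aws_iam_policy_document" "sns_topic_policy" {
  count = var.enabled && var.sns_topic_policy_enabled ? 1 : 0

  statement {
    # … unchanged: effect, actions, principals, resources …

    # Confused-deputy guard: only the rule created by this module may publish.
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_cloudwatch_event_rule.default[count.index].arn]
    }
  }
}
```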
+++ b/terraform-aws-sns/variable.tf 
@@ -0,0 +1,191 @@ +variable "region" { + type = string + default = "eu-west-1" +} + +variable "enabled" { + type = bool + default = true +} + +variable "sns_topic_policy_enabled" { + type = bool + default = true +} + +variable "display_name" { + type = string + default = "" +} + +variable "name" { + type = string + default = "" + description = "Name (e.g. `app` or `cluster`)." +} + +variable "description" { + type = string + default = "" + description = "The description for the rule." +} + +variable "role_arn" { + type = string + default = "" + description = "The Amazon Resource Name (ARN) associated with the role that is used for target invocation." +} + +variable "is_enabled" { + type = bool + default = true + description = "Whether the rule should be enabled (defaults to true)." +} + +variable "target_id" { + type = string + default = "" + description = "The Amazon Resource Name (ARN) associated with the role that is used for target invocation." +} + +variable "arn" { + type = string + default = "" + description = "The Amazon Resource Name (ARN) associated with the role that is used for target invocation." +} + +variable "input_path" { + type = string + default = "" + description = "The value of the JSONPath that is used for extracting part of the matched event when passing it to the target." +} + +variable "target_role_arn" { + type = string + default = "" + description = "The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if ecs_target is used." +} + +variable "input_paths" { + type = map(any) + default = {} + description = "Key value pairs specified in the form of JSONPath (for example, time = $.time)" + +} + +variable "snsname" { + type = string + default = "" + description = "Name (e.g. `app` or `cluster`)." +} + +variable "subscribers" { + type = map(object({ + protocol = string + # The protocol to use. The possible values for this are: sqs, sms, lambda, application. 
(http or https are partially supported, see below) (email is an option but is unsupported, see below). + endpoint = string + # The endpoint to send data to, the contents will vary with the protocol. (see below for more information) + endpoint_auto_confirms = bool + # Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty (default is false) + raw_message_delivery = bool + # Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property) (default is false) + })) + description = "Required configuration for subscibres to SNS topic." + default = {} +} + +variable "allowed_aws_services_for_sns_published" { + type = list(string) + description = "AWS services that will have permission to publish to SNS topic. Used when no external JSON policy is used" + default = [] +} + +variable "kms_master_key_id" { + type = string + description = "The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK." + default = "alias/aws/sns" +} + +variable "encryption_enabled" { + type = bool + description = "Whether or not to use encryption for SNS Topic. If set to `true` and no custom value for KMS key (kms_master_key_id) is provided, it uses the default `alias/aws/sns` KMS key." + default = true +} + +variable "sqs_queue_kms_master_key_id" { + type = string + description = "The ID of an AWS-managed customer master key (CMK) for Amazon SQS Queue or a custom CMK" + default = "alias/aws/sqs" +} + +variable "sqs_queue_kms_data_key_reuse_period_seconds" { + type = number + description = "The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again" + default = 300 +} + +variable "allowed_iam_arns_for_sns_publish" { + type = list(string) + description = "IAM role/user ARNs that will have permission to publish to SNS topic. 
Used when no external json policy is used." + default = [] +} + +variable "sns_topic_policy_json" { + type = string + description = "The fully-formed AWS policy as JSON" + default = "" +} + +variable "sqs_dlq_enabled" { + type = bool + description = "Enable delivery of failed notifications to SQS and monitor messages in queue." + default = false +} + +variable "sqs_dlq_max_message_size" { + type = number + description = "The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB). The default for this attribute is 262144 (256 KiB)." + default = 262144 +} + +variable "sqs_dlq_message_retention_seconds" { + type = number + description = "The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days)." + default = 1209600 +} + +variable "delivery_policy" { + type = string + description = "The SNS delivery policy as JSON." + default = null +} + +variable "fifo_topic" { + type = bool + description = "Whether or not to create a FIFO (first-in-first-out) topic" + default = false +} + +variable "fifo_queue_enabled" { + type = bool + description = "Whether or not to create a FIFO (first-in-first-out) queue" + default = false +} + +variable "content_based_deduplication" { + type = bool + description = "Enable content-based deduplication for FIFO topics" + default = false +} + +variable "redrive_policy_max_receiver_count" { + type = number + description = "The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the ReceiveCount for a message exceeds the maxReceiveCount for a queue, Amazon SQS moves the message to the dead-letter-queue." + default = 5 +} + +variable "redrive_policy" { + type = string + description = "The SNS redrive policy as JSON. 
This overrides `var.redrive_policy_max_receiver_count` and the `deadLetterTargetArn` (supplied by `var.fifo_queue = true`) passed in by the module." + default = null +} \ No newline at end of file From 6534e5cab0344bc20e1558fd7686057749089187 Mon Sep 17 00:00:00 2001 From: prajapatinitin393 Date: Mon, 11 Jul 2022 14:41:18 +0530 Subject: [PATCH 04/12] update module --- terraform-aws-sns/example/example.tf | 5 +++-- terraform-aws-sns/main.tf | 6 +++--- terraform-aws-sns/variable.tf | 8 ++++---- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/terraform-aws-sns/example/example.tf b/terraform-aws-sns/example/example.tf index 96c8163..e85178d 100644 --- a/terraform-aws-sns/example/example.tf +++ b/terraform-aws-sns/example/example.tf @@ -4,8 +4,9 @@ provider "aws" { module "sns_cloudwatch" { source = "../" - name = "capture-aws-sign-in" + cloudwatch_event_rule_name = "capture-aws-sign-in" description = "Capture each AWS Console Sign In" - target_id = "SendToSNS" + sns_name = "mysns" + sns_display_name = "demosns" } diff --git a/terraform-aws-sns/main.tf b/terraform-aws-sns/main.tf index be1adb6..4b94e9a 100644 --- a/terraform-aws-sns/main.tf +++ b/terraform-aws-sns/main.tf @@ -5,7 +5,7 @@ provider "aws" { resource "aws_cloudwatch_event_rule" "default" { count = var.enabled == true ? 1 : 0 - name = var.name + name = var.cloudwatch_event_rule_name description = var.description event_pattern = < Date: Mon, 11 Jul 2022 14:44:09 +0530 Subject: [PATCH 05/12] change name --- terraform-aws-sns/example/example.tf | 1 - terraform-aws-sns/example/{variable.tf => version.tf} | 0 2 files changed, 1 deletion(-) rename terraform-aws-sns/example/{variable.tf => version.tf} (100%) diff --git a/terraform-aws-sns/example/example.tf b/terraform-aws-sns/example/example.tf index e85178d..8ec2354 100644 --- a/terraform-aws-sns/example/example.tf +++ b/terraform-aws-sns/example/example.tf 
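Review bot: The descriptions of `target_id` and `arn` are copy-pasted from `role_arn` ("The Amazon Resource Name (ARN) associated with the role that is used for target invocation.") and are wrong for both; `target_id` is the unique id of the EventBridge target and `arn` is not read by main.tf at all, so e.g. `description = "Unique identifier for the EventBridge rule target (aws_cloudwatch_event_target.target_id)."`. More importantly, `encryption_enabled` promises to toggle topic encryption but main.tf never reads it — `kms_master_key_id = var.kms_master_key_id` is applied unconditionally — so a caller setting `encryption_enabled = false` still gets an encrypted topic while the variable's description says otherwise; either wire it, `kms_master_key_id = var.encryption_enabled ? var.kms_master_key_id : null`, or remove it. The same applies to the `sqs_*`, `redrive_*`, `fifo_queue_enabled`, `allowed_*` and `sns_topic_policy_json` inputs, none of which are referenced in this patch's main.tf; dead policy-shaped inputs give a false impression that a restriction is in effect.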
@@ -9,4 +9,3 @@ module "sns_cloudwatch" { sns_name = "mysns" sns_display_name = "demosns" } - diff --git a/terraform-aws-sns/example/variable.tf b/terraform-aws-sns/example/version.tf similarity index 100% rename from terraform-aws-sns/example/variable.tf rename to terraform-aws-sns/example/version.tf From f0b14c3d7f8133816555d5f361e9241c585a1a54 Mon Sep 17 00:00:00 2001 From: prajapatinitin393 Date: Mon, 11 Jul 2022 15:11:59 +0530 Subject: [PATCH 06/12] add source --- terraform-aws-sns/example/example.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-aws-sns/example/example.tf b/terraform-aws-sns/example/example.tf index 8ec2354..13347d8 100644 --- a/terraform-aws-sns/example/example.tf +++ b/terraform-aws-sns/example/example.tf @@ -3,7 +3,7 @@ provider "aws" { } module "sns_cloudwatch" { - source = "../" + source = "github.com/easyawslearn/Terraform-Tutorial/terraform-aws-sns" cloudwatch_event_rule_name = "capture-aws-sign-in" description = "Capture each AWS Console Sign In" sns_name = "mysns" From 6027c9df4f51e5c61750fa11a1960e22b1946213 Mon Sep 17 00:00:00 2001 From: Vijay Patel Date: Tue, 12 Jul 2022 12:02:26 +0530 Subject: [PATCH 07/12] configure lambda function --- terraform-aws-sns/example/.terraform.lock.hcl | 22 +++++++ terraform-aws-sns/example/example.tf | 2 + terraform-aws-sns/main.tf | 63 ++++++++++++++++++- terraform-aws-sns/python/hello-python.py | 5 ++ terraform-aws-sns/variable.tf | 10 +++ 5 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 terraform-aws-sns/example/.terraform.lock.hcl create mode 100644 terraform-aws-sns/python/hello-python.py diff --git a/terraform-aws-sns/example/.terraform.lock.hcl b/terraform-aws-sns/example/.terraform.lock.hcl new file mode 100644 index 0000000..f72ada9 --- /dev/null +++ b/terraform-aws-sns/example/.terraform.lock.hcl 
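Review bot: `source = "github.com/easyawslearn/Terraform-Tutorial/terraform-aws-sns"` has no `?ref=`, so every `terraform init` fetches the default branch head and any later push to that branch silently changes what this example deploys — an unpinned supply-chain dependency. Pin it to a tag or commit, `source = "github.com/easyawslearn/Terraform-Tutorial//terraform-aws-sns?ref=<tag-or-commit>"` (`//` is the documented subdirectory separator for git sources), and bump the ref deliberately.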
@@ -0,0 +1,22 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.22.0" + constraints = ">= 3.1.15" + hashes = [ + "h1:KOsejPSvd2eEfuhtbLilFMnQZlaOJ53p7/NR+4qSibo=", + "zh:299efb8ba733b7742f0ef1c5c5467819e0c7bf46264f5f36ba6b6674304a5244", + "zh:4db198a41d248491204d4ca644662c32f748177d5cbe01f3c7adbb957d4d77f0", + "zh:62ebc2b05b25eafecb1a75f19d6fc5551faf521ada9df9e5682440d927f642e1", + "zh:636b590840095b4f817c176034cf649f543c0ce514dc051d6d0994f0a05c53ef", + "zh:8594bd8d442288873eee56c0b4535cbdf02cacfcf8f6ddcf8cd5f45bb1d3bc80", + "zh:8e18a370949799f20ba967eec07a84aaedf95b3ee5006fe5af6eae13fbf39dc3", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:aa968514231e404fb53311d8eae2e8b6bde1fdad1f4dd5a592ab93d9cbf11af4", + "zh:af8e5c48bf36d4fff1a6fca760d5b85f14d657cbdf95e9cd5e898c68104bad31", + "zh:d8a75ba36bf8b6f2e49be5682f48eccb6c667a4484afd676ae347213ae208622", + "zh:dd7c419674a47e587dabe98b150a8f1f7e31c248c68e8bf5e9ca0a400b5e2c4e", + "zh:fdeb6314a2ce97489bbbece59511f78306955e8a23b02cbd1485bd04185a3673", + ] +} diff --git a/terraform-aws-sns/example/example.tf b/terraform-aws-sns/example/example.tf index 13347d8..96c8f77 100644 --- a/terraform-aws-sns/example/example.tf +++ b/terraform-aws-sns/example/example.tf @@ -8,4 +8,6 @@ module "sns_cloudwatch" { description = "Capture each AWS Console Sign In" sns_name = "mysns" sns_display_name = "demosns" + lambda_function_name = "S3cloudHub_Test_Lambda_Function" + lambda_function_runtime = "python3.8" } diff --git a/terraform-aws-sns/main.tf b/terraform-aws-sns/main.tf index 4b94e9a..a94ca7b 100644 --- a/terraform-aws-sns/main.tf +++ b/terraform-aws-sns/main.tf 
@@ -43,7 +43,7 @@ resource "aws_sns_topic_subscription" "this" { topic_arn = join("", aws_sns_topic.this.*.arn) protocol = var.subscribers[each.key].protocol - endpoint = var.subscribers[each.key].endpoint + endpoint = aws_lambda_function.terraform_lambda_func.arn endpoint_auto_confirms = var.subscribers[each.key].endpoint_auto_confirms raw_message_delivery = var.subscribers[each.key].raw_message_delivery } @@ -68,4 +68,65 @@ data "aws_iam_policy_document" "sns_topic_policy" { resources = [aws_sns_topic.this[count.index].arn] } +} + +resource "aws_iam_role" "lambda_role" { + name = "S3cloudHub_Test_Lambda_Function_Role" + assume_role_policy = < Date: Sun, 31 Jul 2022 16:25:27 +0530 Subject: [PATCH 08/12] Create main.tf --- main.tf | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 main.tf diff --git a/main.tf b/main.tf new file mode 100644 index 0000000..657181f --- /dev/null +++ b/main.tf @@ -0,0 +1,11 @@ +data "template_file" "kms_policy" { + template = "${file("${path.module}/kms_policy.json.tpl")}" + + vars { + account_id = "${var.account_id}" + } +} + +resource "aws_kms_key" "key" { + policy = "${data.template_file.kms_policy.rendered}" +} From db2c0ef48b92abdbca55ae6a164bbbff6f43a6bc Mon Sep 17 00:00:00 2001 From: Vijay Patel <35554905+easyawslearn@users.noreply.github.com> Date: Sun, 31 Jul 2022 16:26:15 +0530 Subject: [PATCH 09/12] Create kms_policy.json.tpl --- kms_policy.json.tpl | 1 + 1 file changed, 1 insertion(+) create mode 100644 kms_policy.json.tpl diff --git a/kms_policy.json.tpl b/kms_policy.json.tpl new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/kms_policy.json.tpl @@ -0,0 +1 @@ + From e0575f006fe191918b5627599d1bc8a5019d57a9 Mon Sep 17 00:00:00 2001 From: Vijay Patel <35554905+easyawslearn@users.noreply.github.com> Date: Sun, 31 Jul 2022 16:27:12 +0530 Subject: [PATCH 10/12] Update kms_policy.json.tpl --- kms_policy.json.tpl | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) 
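Review bot: `endpoint = aws_lambda_function.terraform_lambda_func.arn` replaces the per-subscriber endpoint for every entry of `var.subscribers` regardless of that entry's `protocol`, so an `sqs`, `email` or `https` subscriber is now pointed at the Lambda ARN and `var.subscribers[each.key].endpoint` becomes dead input. Keep `endpoint = var.subscribers[each.key].endpoint` here and add the Lambda subscription as its own `aws_sns_topic_subscription` with `protocol = "lambda"`, plus an `aws_lambda_permission` allowing `sns.amazonaws.com` to invoke the function from this topic, which SNS requires and which is not visible in this patch — confirm it exists. The function is referenced without an index while `aws_sns_topic.this` uses `count = var.enabled ? 1 : 0`; if `terraform_lambda_func` is also conditional its reference needs `[0]`. Its definition is in the next hunk, which is cut off in this rendering.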
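Review bot: `name = "S3cloudHub_Test_Lambda_Function_Role"` on `aws_iam_role.lambda_role` is a fixed role name, so a second instance of this module in the same account fails with an EntityAlreadyExists error; derive it from the input instead, `name = "${var.lambda_function_name}-role"`, or use `name_prefix`. The `assume_role_policy` heredoc and the remainder of this hunk are not legible in this rendering, so the trust policy and any attached permissions were not reviewed; at minimum confirm the trust policy names only `lambda.amazonaws.com` and that the execution policy is scoped to the function's own log group rather than `logs:*` on `*`.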
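Review bot: `resource "aws_kms_key" "key"` sets only `policy`; a key intended for CloudWatch Logs encryption should also set `enable_key_rotation = true`, a `description`, and `deletion_window_in_days` so an accidental destroy is recoverable. `data "template_file"` with a `vars { … }` block is Terraform 0.11 syntax (0.12+ requires `vars = { … }`) and the template provider is deprecated; `policy = templatefile("${path.module}/kms_policy.json.tpl", { account_id = var.account_id })` on the key replaces the data source entirely. No root-level declaration of `var.account_id` appears anywhere in this series; `data "aws_caller_identity" "current"` would remove the need for callers to pass it in.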
diff --git a/kms_policy.json.tpl b/kms_policy.json.tpl
index 8b13789..16ca140 100644
--- a/kms_policy.json.tpl
+++ b/kms_policy.json.tpl
@@ -1 +1,13 @@
-
+{
+ "Version": "2012-10-17",
+ "Id": "kms-key-policy",
+ "Statement": [
+ {
+ "Sid": "Enable IAM User Permissions",
+ "Effect": "Allow",
+ "Principal": {"AWS": "arn:aws:iam::${account_id}:root"},{"Service": "logs.us-east-1.amazonaws.com"},
+ "Action": "kms:*",
+ "Resource": "*"
+ }
+ ]
+}
From 8a7e932981e8f7cefe0c10691e6d3d00c9837a9a Mon Sep 17 00:00:00 2001 From: Vijay Patel <35554905+easyawslearn@users.noreply.github.com> Date: Sun, 31 Jul 2022 17:43:06 +0530 Subject: [PATCH 11/12] Update kms_policy.json.tpl --- kms_policy.json.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kms_policy.json.tpl b/kms_policy.json.tpl
index 16ca140..f956b2f 100644
--- a/kms_policy.json.tpl
+++ b/kms_policy.json.tpl
@@ -5,7 +5,7 @@
 {
 "Sid": "Enable IAM User Permissions",
 "Effect": "Allow",
- "Principal": {"AWS": "arn:aws:iam::${account_id}:root"},{"Service": "logs.us-east-1.amazonaws.com"},
+ "Principal": {"AWS": "arn:aws:iam::${account_id}:root","Service": "logs.us-east-1.amazonaws.com"},
 "Action": "kms:*",
 "Resource": "*"
 }
From 65d0164f2f217d7899165421796cfede7247ec03 Mon Sep 17 00:00:00 2001 From: Vijay Patel <35554905+easyawslearn@users.noreply.github.com> Date: Sun, 31 Jul 2022 17:44:07 +0530 Subject: [PATCH 12/12] Update main.tf --- main.tf | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 657181f..9aa1984 100644
--- a/main.tf
+++ b/main.tf
@@ -1,5 +1,5 @@
 data "template_file" "kms_policy" {
- template = "${file("${path.module}/kms_policy.json.tpl")}"
+ template = "${file("${kms_policy.json.tpl")}"
 
 vars {
 account_id = "${var.account_id}"
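Review bot: The corrected `Principal` now grants `"Action": "kms:*"` on `"Resource": "*"` to `logs.us-east-1.amazonaws.com` as well as the account root, which hands the CloudWatch Logs service principal full key administration (`kms:PutKeyPolicy`, `kms:ScheduleKeyDeletion`, …) when it only needs to encrypt and decrypt. Split the service principal into its own statement limited to `kms:Encrypt*`, `kms:Decrypt*`, `kms:ReEncrypt*`, `kms:GenerateDataKey*` and `kms:Describe*`, conditioned on `kms:EncryptionContext:aws:logs:arn` so only this account's log groups can use it, as the CloudWatch Logs encryption documentation prescribes. The hard-coded `us-east-1` also ties the key to one region; templating it as `${region}` (and passing `region` alongside `account_id` from main.tf) avoids that.
```json
{
  "Version": "2012-10-17",
  "Id": "kms-key-policy",
  "Statement": [
    {
      "Sid": "Enable IAM User Permissions",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::${account_id}:root"},
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "AllowCloudWatchLogsUse",
      "Effect": "Allow",
      "Principal": {"Service": "logs.${region}.amazonaws.com"},
      "Action": ["kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*"],
      "Resource": "*",
      "Condition": {
        "ArnLike": {"kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:${region}:${account_id}:log-group:*"}
      }
    }
  ]
}
```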
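Review bot: `template = "${file("${kms_policy.json.tpl")}"` regresses the previous `"${file("${path.module}/kms_policy.json.tpl")}"`: inside `${…}` Terraform parses `kms_policy.json.tpl` as a reference to an undeclared resource rather than a file name, so this fails at plan time, and even as a bare string it would resolve relative to the working directory instead of the module. Restore `template = file("${path.module}/kms_policy.json.tpl")` (the outer `"${…}"` wrapper is unnecessary on 0.12+).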
@@ -9,3 +9,10 @@ data "template_file" "kms_policy" {
 resource "aws_kms_key" "key" {
 policy = "${data.template_file.kms_policy.rendered}"
 }
+
+resource "aws_cloudwatch_log_group" "yada" {
+ name = "vijay"
+
+ kms_key_id = aws_kms_key.key.arn
+
+}
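Review bot: `aws_cloudwatch_log_group "yada"` sets no `retention_in_days`, so logs encrypted under this key are kept indefinitely and the key can never be retired without losing them; set an explicit retention, e.g. `retention_in_days = 90`, chosen to match the log-retention policy in force. The placeholders `yada`/`vijay` should become a real resource label and a variable-driven `name` before this is reused. The key policy in kms_policy.json.tpl only allows `logs.us-east-1.amazonaws.com`, so associating this key with the log group is expected to fail in any other region; keep the two in sync or template the region.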