forked from ExpediaGroup/apiary-data-lake
sns.tf
/**
* Copyright (C) 2018-2020 Expedia, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
*/
# SNS topic named "<instance alias>-operational-events".
#
# This block sets neither `policy` nor `kms_master_key_id`, so who may publish
# or subscribe, and whether messages are encrypted at rest, is left to the
# AWS/provider defaults.
# NOTE(review): confirm those defaults suit what is published to this topic.
resource "aws_sns_topic" "apiary_ops_sns" {
  tags = var.apiary_tags
  name = "${local.instance_alias}-operational-events"
}
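# SNS topic named "<instance alias>-metadata-events"; created only when
# var.enable_metadata_events is true.
#
# Access policy:
#   * When var.apiary_customer_accounts is empty, `policy` is null and no
#     explicit policy is attached.
#   * Otherwise every listed account is granted SNS:Subscribe and SNS:Receive.
#     The principal is the account root ARN, i.e. the grant is to the account
#     as a whole; which identities inside that account can actually subscribe
#     is decided by that account's own IAM policies, not here.
#
# The document is built with jsonencode() rather than by joining strings into
# a JSON heredoc, so account values are always emitted as properly quoted and
# escaped JSON strings and a malformed list entry cannot change the shape of
# the policy.
#
# NOTE(review): the principal ARNs hard-code the `aws` partition, and no
# `kms_master_key_id` is set in this block.
resource "aws_sns_topic" "apiary_metadata_events" {
  count = var.enable_metadata_events ? 1 : 0
  name  = "${local.instance_alias}-metadata-events"
  tags  = var.apiary_tags

  policy = length(var.apiary_customer_accounts) == 0 ? null : jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Principal = {
        # One root ARN per customer account id.
        AWS = formatlist("arn:aws:iam::%s:root", var.apiary_customer_accounts)
      }
      Action   = ["SNS:Subscribe", "SNS:Receive"]
      Resource = "arn:aws:sns:*:*:${local.instance_alias}-metadata-events"
    }]
  })
}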
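# One SNS topic per schema, named
# "<instance alias>-<resource_suffix>-data-events".
#
# Topics are created only when var.enable_data_events is true, and only for
# schemas in local.schemas_info whose "enable_data_events_sqs" entry is "0"
# or absent. The map is keyed by schema name, which is also the key used to
# look up the matching bucket in aws_s3_bucket.apiary_data_bucket.
#
# Access policy: SNS:Publish is allowed for the S3 service principal, and only
# when aws:SourceArn matches the ARN of this schema's data bucket. The
# principal was previously {"AWS":"*"} with the same condition; naming the
# service principal keeps the grant least-privilege even if the condition is
# later edited or dropped, and matches the SQS queue policies in this file.
#
# NOTE(review): S3 bucket ARNs carry no account id. Consider also pinning the
# bucket owner, e.g.
#   StringEquals = { "aws:SourceAccount" = "<BUCKET_OWNER_ACCOUNT_ID>" }
# so a same-named bucket owned by another account can never satisfy the
# condition.
resource "aws_sns_topic" "apiary_data_events" {
  for_each = var.enable_data_events ? {
    for schema in local.schemas_info : schema["schema_name"] => schema if lookup(schema, "enable_data_events_sqs", "0") == "0"
  } : {}

  name = "${local.instance_alias}-${each.value["resource_suffix"]}-data-events"
  tags = var.apiary_tags

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "s3.amazonaws.com" }
      Action    = "SNS:Publish"
      Resource  = "arn:aws:sns:*:*:${local.instance_alias}-${each.value["resource_suffix"]}-data-events"
      Condition = {
        ArnLike = { "aws:SourceArn" = aws_s3_bucket.apiary_data_bucket[each.key].arn }
      }
    }]
  })
}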
# SQS queue named "<instance alias>-data-event-queue"; created only when
# local.create_sqs_data_event_queue is true.
#
# Access policy: the S3 service principal may call sqs:SendMessage when
# aws:SourceArn is like "arn:aws:s3:::<apiary_bucket_prefix>-*".
#
# NOTE(review): that pattern matches every bucket whose name starts with the
# prefix, and bucket ARNs carry no account id. The statement has no
# aws:SourceAccount condition, so ownership of the sending bucket is not
# checked here; consider adding
#   "StringEquals": {"aws:SourceAccount": "<BUCKET_OWNER_ACCOUNT_ID>"}
# alongside the ArnLike test.
resource "aws_sqs_queue" "apiary_data_event_queue" {
  count = local.create_sqs_data_event_queue ? 1 : 0

  tags = var.apiary_tags
  name = "${local.instance_alias}-data-event-queue"

  # Non-indented heredoc: the lines below are the literal policy document.
  policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "s3.amazonaws.com" },
"Action": "sqs:SendMessage",
"Resource": "arn:aws:sqs:*:*:${local.instance_alias}-data-event-queue",
"Condition":{
"ArnLike":{"aws:SourceArn":"arn:aws:s3:::${local.apiary_bucket_prefix}-*"}
}
}
]
}
POLICY
}
# SQS queue named "<instance alias>-s3-logs-queue"; created only when
# local.enable_apiary_s3_log_management is true.
#
# Visibility timeout, retention, delivery delay and receive wait time all come
# from the s3_logs_sqs_* variables.
#
# Access policy: the S3 service principal may call sqs:SendMessage only when
# aws:SourceArn equals the ARN built from local.apiary_s3_logs_bucket (exact
# match, no wildcard).
#
# NOTE(review): the statement has no aws:SourceAccount condition; since bucket
# ARNs carry no account id, adding
#   "StringEquals": {"aws:SourceAccount": "<BUCKET_OWNER_ACCOUNT_ID>"}
# would also pin the owner of the sending bucket.
resource "aws_sqs_queue" "apiary_managed_logs_queue" {
  count = local.enable_apiary_s3_log_management ? 1 : 0

  tags = var.apiary_tags
  name = "${local.instance_alias}-s3-logs-queue"

  # Queue timing, all supplied by variables.
  delay_seconds              = var.s3_logs_sqs_delay_seconds
  receive_wait_time_seconds  = var.s3_logs_sqs_receive_wait_time_seconds
  message_retention_seconds  = var.s3_logs_sqs_message_retention_seconds
  visibility_timeout_seconds = var.s3_logs_sqs_visibility_timeout_seconds

  # Non-indented heredoc: the lines below are the literal policy document.
  policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "s3.amazonaws.com" },
"Action": "sqs:SendMessage",
"Resource": "arn:aws:sqs:*:*:${local.instance_alias}-s3-logs-queue",
"Condition":{
"ArnEquals":{"aws:SourceArn":"arn:aws:s3:::${local.apiary_s3_logs_bucket}"}
}
}
]
}
POLICY
}