initial commit

2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
@@ -0,0 +1,47 @@
+<!-- This readme file is generated with terraform-docs -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 1.3.0 |
+| aws | >= 5.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | >= 5.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_sns_topic.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
+| [aws_sns_topic_subscription.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
+| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| email-addresses | Email recipients of SNS notifications | `set(string)` | n/a | yes |
+| kms-key-id | KMS key id for SNS topic at-rest encryption. Make sure the sender has access to this key | `string` | n/a | yes |
+| sender | ARN of SNS sender or sending service name | `string` | n/a | yes |
+| sender-type | Sender principal type. Value should be either *AWS* or *Service* | `string` | n/a | yes |
+| sns-topic-description | SNS topic display name | `string` | n/a | yes |
+| sns-topic-name | Name of SNS topic | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| sns-topic-arn | n/a |
+ 
+---
+## Authorship
+This module was developed by xpk.
@@ -0,0 +1,69 @@
+data "aws_caller_identity" "this" {}
+data "aws_region" "this" {}
+
+resource "aws_sns_topic" "this" {
+  name              = var.sns-topic-name
+  display_name      = var.sns-topic-description
+  kms_master_key_id = var.kms-key-id
+  policy = jsonencode(
+    {
+      "Version" : "2008-10-17",
+      "Id" : "SnsTopicPolicy",
+      "Statement" : [
+        {
+          "Sid" : "SnsTopicAdmin",
+          "Effect" : "Allow",
+          "Principal" : {
+            "AWS" : data.aws_caller_identity.this.account_id
+          },
+          "Action" : [
+            "SNS:GetTopicAttributes",
+            "SNS:SetTopicAttributes",
+            "SNS:AddPermission",
+            "SNS:RemovePermission",
+            "SNS:DeleteTopic",
+            "SNS:Subscribe",
+            "SNS:ListSubscriptionsByTopic",
+            "SNS:Publish",
+            "SNS:Receive"
+          ],
+          "Resource" : "arn:aws:sns:${data.aws_region.this.name}:${data.aws_caller_identity.this.account_id}:${var.sns-topic-name}",
+          "Condition" : {
+            "StringEquals" : {
+              "AWS:SourceOwner" : data.aws_caller_identity.this.account_id
+            }
+          }
+        },
+        {
+          "Sid" : "AllowPublishing",
+          "Effect" : "Allow",
+          "Principal" : {
+            "${var.sender-type}" : var.sender
+          },
+          "Action" : "sns:Publish",
+          "Resource" : "arn:aws:sns:${data.aws_region.this.name}:${data.aws_caller_identity.this.account_id}:${var.sns-topic-name}"
+        },
+        {
+          "Sid" : "AllowPublishThroughSSLOnly",
+          "Action" : "SNS:Publish",
+          "Effect" : "Deny",
+          "Resource" : "arn:aws:sns:${data.aws_region.this.name}:${data.aws_caller_identity.this.account_id}:${var.sns-topic-name}",
+          "Condition" : {
+            "Bool" : {
+              "aws:SecureTransport" : "false"
+            }
+          },
+          "Principal" : "*"
+        }
+      ]
+    }
+  )
+}
+
+resource "aws_sns_topic_subscription" "this" {
+  for_each  = var.email-addresses
+  topic_arn = aws_sns_topic.this.arn
+  protocol  = "email"
+  endpoint  = each.value
+}
+
@@ -0,0 +1,3 @@
+output "sns-topic-arn" {
+  value = aws_sns_topic.this.arn
+}
@@ -0,0 +1,33 @@
+variable "sender" {
+  type        = string
+  description = "ARN of SNS sender or sending service name"
+}
+
+variable "sender-type" {
+  type        = string
+  description = "Sender principal type. Value should be either *AWS* or *Service*"
+  validation {
+    condition     = var.sender-type == "AWS" || var.sender-type == "Service"
+    error_message = "Valid values are AWS or Service"
+  }
+}
+
+variable "sns-topic-name" {
+  type        = string
+  description = "Name of SNS topic"
+}
+
+variable "sns-topic-description" {
+  type        = string
+  description = "SNS topic display name"
+}
+
+variable "kms-key-id" {
+  type        = string
+  description = "KMS key id for SNS topic at-rest encryption. Make sure the sender has access to this key"
+}
+
+variable "email-addresses" {
+  type        = set(string)
+  description = "Email recipients of SNS notifications"
+}
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0"
+    }
+  }
+}