Releases: sudoblark/sudoblark.terraform.module.aws.sns
Make iam_policy_statements optional
Description
Whilst building out terraform.sudoblark.terraform.modularised-demo we realised that iam_policy_statements aren't really needed if an SNS topic only has email subscriptions, but they're a mandatory requirement for the data structure and even setting to an empty list still attempts to create policies with incorrect JSON.
Therefore, this release is simply to make iam_policy_statements an optional argument for the module, in order to support a purely email SNS topic.
What's Changed
- Make iam_policy_statements optional by @benjaminlukeclark in #5
Full Changelog: 1.0.2...1.1.0
Supported data structure
Data structure
---------------
A list of dictionaries, where each dictionary has the following attributes:
REQUIRED
---------
- suffix : Suffix for the topic, will also be used as a unified index for Terraform resources.
- subscriptions : A list of dictionaries, where each dictionary defines:
-- endpoint : Actual endpoint to deliver to, see constraints for more information.
-- name : Friendly name for the endpoint, used for unique indexing in Terraform.
-- protocol : Determines the subscription type, permissible types are: email, lambda
OPTIONAL
---------
- iam_policy_statements : A list of dictionaries where each dictionary is an IAM statement defining topic policy permissions.
Defaults to an empty list.
-- Each dictionary in this list must define the following attributes:
--- sid: Friendly name for the policy, no spaces or special characters allowed
--- actions: A list of IAM actions the state machine is allowed to perform
--- resources: Which resource(s) the state machine may perform the above actions against
--- conditions : An OPTIONAL list of dictionaries, which each defines:
---- test : Test condition for limiting the action
---- variable : Value to test
---- values : A list of strings, denoting what to test for
--- principals : A list of dictionaries, which each defines:
---- type : A string defining what type the principal(s) is/are
---- identifiers : A list of strings, where each string is an allowed principal
Constraints
---------
- if endpoints.protocol == lambda then:
-- endpoint must be ARN of a lambda function
-- name must be name of a lambda function
- if endpoints.protocol == email, then endpoint must be an email address
- Only lambda and email endpoints.protocol values are supported
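The data structure and constraints above can be enforced at plan time with a typed variable and validation blocks. This is an added example, not the module's own variables.tf: the variable name sns_topics, the regex patterns, and the reading of "no spaces or special characters" as letters and digits only are assumptions.

```hcl
# Added illustration, not the module's own variables.tf. "sns_topics" is a
# hypothetical variable name; optional(type, default) needs Terraform >= 1.3.
variable "sns_topics" {
  type = list(object({
    suffix = string
    subscriptions = list(object({
      endpoint = string
      name     = string
      protocol = string
    }))
    iam_policy_statements = optional(list(object({
      sid       = string
      actions   = list(string)
      resources = list(string)
      conditions = optional(list(object({
        test     = string
        variable = string
        values   = list(string)
      })), [])
      principals = list(object({
        type        = string
        identifiers = list(string)
      }))
    })), []) # omitted attribute becomes an empty list, never null
  }))

  validation {
    condition = alltrue(flatten([for t in var.sns_topics : [
      for s in t.subscriptions : contains(["email", "lambda"], s.protocol)
    ]]))
    error_message = "Only lambda and email subscription protocols are supported."
  }

  validation {
    # Assumed patterns: loose ARN-prefix and address checks, not full parsers.
    condition = alltrue(flatten([for t in var.sns_topics : [
      for s in t.subscriptions : s.protocol == "lambda"
      ? can(regex("^arn:aws[a-z-]*:lambda:", s.endpoint))
      : can(regex("^[^@\\s]+@[^@\\s]+$", s.endpoint))
    ]]))
    error_message = "Lambda endpoints must be a function ARN; email endpoints must be an email address."
  }

  validation {
    condition = alltrue(flatten([for t in var.sns_topics : [
      for p in t.iam_policy_statements : can(regex("^[A-Za-z0-9]+$", p.sid))
    ]]))
    error_message = "Each sid must contain only letters and digits."
  }
}
```

Because principals and conditions are typed here, a statement that omits its principals is rejected at plan time instead of reaching the topic policy.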
Feedback
Submit suggestions for improvements to [email protected].
Fix incompatible AWS provider versions internally
Description
The versions of the AWS provider required across sudoblark.terraform.module.* modules were inconsistent, thus we were unable to actually utilise all of the modules in a complete solution.
This release bumps the version of AWS provider required such that SNS may be utilised with other modules across the sudoblark.terraform.module namespace.
Changelog available here
TL; DR
Resolve fundamental AWS provider differences between this module and others in the namespace.
SUPPORTED MODULE DATA STRUCTURE (Unchanged since last release)
Data structure
---------------
A list of dictionaries, where each dictionary has the following attributes:
REQUIRED
---------
- suffix : Suffix for the topic, will also be used as a unified index for Terraform resources.
- iam_policy_statements : A list of dictionaries where each dictionary is an IAM statement defining topic policy permissions.
-- Each dictionary in this list must define the following attributes:
--- sid: Friendly name for the policy, no spaces or special characters allowed
--- actions: A list of IAM actions the state machine is allowed to perform
--- resources: Which resource(s) the state machine may perform the above actions against
--- conditions : An OPTIONAL list of dictionaries, which each defines:
---- test : Test condition for limiting the action
---- variable : Value to test
---- values : A list of strings, denoting what to test for
--- principals : A list of dictionaries, which each defines:
---- type : A string defining what type the principal(s) is/are
---- identifiers : A list of strings, where each string is an allowed principal
- subscriptions : A list of dictionaries, where each dictionary defines:
-- endpoint : Actual endpoint to deliver to, see constraints for more information.
-- name : Friendly name for the endpoint, used for unique indexing in Terraform.
-- protocol : Determines the subscription type, permissible types are: email, lambda
Constraints
---------
- if endpoints.protocol == lambda then:
-- endpoint must be ARN of a lambda function
-- name must be name of a lambda function
- if endpoints.protocol == email, then endpoint must be an email address
- Only lambda and email endpoints.protocol values are supported
FEEDBACK
Submit suggestions for improvements to [email protected].
Fix lambda_and_email example to actually plan
Description
Fix examples and add CI to ensure they're always valid.
What's Changed
- Update examples code by @benjaminlukeclark in #1
New Contributors
- @benjaminlukeclark made their first contribution in #1
Full Changelog: 1.0.0...1.0.1
TL; DR
- Fix lambda_and_email example
- Add CI pipeline to validate both examples and module on a commit to an open pull request
NEW
- commit-to-pr GitHub action workflow to:
  - Run terraform validate against the module and examples
  - Run tflint against the module and examples
  - Run terraform plan against the examples
FIXED
- Fix the lambda_and_email example to actually work with the module by:
  - Changing to HTTPS auth for the module itself
  - Update example data structure to actually be valid for the module
  - Fix a small typo in the variables.tf
SUPPORTED MODULE DATA STRUCTURE (UNCHANGED SINCE LAST RELEASE)
Data structure
---------------
A list of dictionaries, where each dictionary has the following attributes:
REQUIRED
---------
- suffix : Suffix for the topic, will also be used as a unified index for Terraform resources.
- iam_policy_statements : A list of dictionaries where each dictionary is an IAM statement defining topic policy permissions.
-- Each dictionary in this list must define the following attributes:
--- sid: Friendly name for the policy, no spaces or special characters allowed
--- actions: A list of IAM actions the state machine is allowed to perform
--- resources: Which resource(s) the state machine may perform the above actions against
--- conditions : An OPTIONAL list of dictionaries, which each defines:
---- test : Test condition for limiting the action
---- variable : Value to test
---- values : A list of strings, denoting what to test for
--- principals : A list of dictionaries, which each defines:
---- type : A string defining what type the principal(s) is/are
---- identifiers : A list of strings, where each string is an allowed principal
- subscriptions : A list of dictionaries, where each dictionary defines:
-- endpoint : Actual endpoint to deliver to, see constraints for more information.
-- name : Friendly name for the endpoint, used for unique indexing in Terraform.
-- protocol : Determines the subscription type, permissible types are: email, lambda
Constraints
---------
- if endpoints.protocol == lambda then:
-- endpoint must be ARN of a lambda function
-- name must be name of a lambda function
- if endpoints.protocol == email, then endpoint must be an email address
- Only lambda and email endpoints.protocol values are supported
FEEDBACK
Submit suggestions for improvements to [email protected].
Initial module setup
Description
The initial release of the SNS module.
Changelog available here.
TL; DR
- A new terraform module to allow creation of n SNS topics with customised IAM permissions, supporting both lambda and email subscriptions, all via an easy to use data structure for extensibility and mutability.
NEW
- For each dictionary provided, this module:
  - Creates a new SNS topic
  - Creates, and associates to the SNS topic, an IAM role
  - For each dictionary in iam_policy_statements:
    - Creates a policy and attaches to the IAM role for the SNS topic
  - For each dictionary in subscriptions:
    - Creates and attaches a subscription to the SNS topic
    - If the target is a lambda, automatic provision of lambda permissions to actually allow execution
Please see examples folder for example instantiation of module.
SUPPORTED MODULE DATA STRUCTURE
Data structure
---------------
A list of dictionaries, where each dictionary has the following attributes:
REQUIRED
---------
- suffix : Suffix for the topic, will also be used as a unified index for Terraform resources.
- iam_policy_statements : A list of dictionaries where each dictionary is an IAM statement defining topic policy permissions.
-- Each dictionary in this list must define the following attributes:
--- sid: Friendly name for the policy, no spaces or special characters allowed
--- actions: A list of IAM actions the state machine is allowed to perform
--- resources: Which resource(s) the state machine may perform the above actions against
--- conditions : An OPTIONAL list of dictionaries, which each defines:
---- test : Test condition for limiting the action
---- variable : Value to test
---- values : A list of strings, denoting what to test for
--- principals : A list of dictionaries, which each defines:
---- type : A string defining what type the principal(s) is/are
---- identifiers : A list of strings, where each string is an allowed principal
- subscriptions : A list of dictionaries, where each dictionary defines:
-- endpoint : Actual endpoint to deliver to, see constraints for more information.
-- name : Friendly name for the endpoint, used for unique indexing in Terraform.
-- protocol : Determines the subscription type, permissible types are: email, lambda
Constraints
---------
- if endpoints.protocol == lambda then:
-- endpoint must be ARN of a lambda function
-- name must be name of a lambda function
- if endpoints.protocol == email, then endpoint must be an email address
- Only lambda and email endpoints.protocol values are supported
FEEDBACK
Submit suggestions for improvements to [email protected].