Description
Whilst building out terraform.sudoblark.terraform.modularised-demo we realised that iam_policy_statements aren't really needed if an SNS topic only has email subscriptions, but they're a mandatory requirement of the data structure, and even setting them to an empty list still attempts to create policies with incorrect JSON.
Therefore, this release simply makes iam_policy_statements an optional argument for the module, in order to support a purely email SNS topic.
What's Changed
- Make iam_policy_statements optional by @benjaminlukeclark in #5
Full Changelog: 1.0.2...1.1.0
Supported data structure
Data structure
---------------
A list of dictionaries, where each dictionary has the following attributes:
REQUIRED
---------
- suffix : Suffix for the topic, will also be used as a unified index for Terraform resources.
- subscriptions : A list of dictionaries, where each dictionary defines:
-- endpoint : Actual endpoint to deliver to, see constraints for more information.
-- name : Friendly name for the endpoint, used for unique indexing in Terraform.
-- protocol : Determines the subscription type, permissible types are: email, lambda
OPTIONAL
---------
- iam_policy_statements : A list of dictionaries where each dictionary is an IAM statement defining topic policy permissions. Defaults to an empty list.
-- Each dictionary in this list must define the following attributes:
--- sid : Friendly name for the statement, no spaces or special characters allowed
--- actions : A list of IAM actions the statement permits
--- resources : Which resource(s) the above actions may be performed against
--- conditions : An OPTIONAL list of dictionaries, which each defines:
---- test : Test condition for limiting the action
---- variable : Value to test
---- values : A list of strings, denoting what to test for
--- principals : A list of dictionaries, each of which defines:
---- type : A string defining what type the principal(s) is/are
---- identifiers : A list of strings, where each string is an allowed principal
Constraints
---------
- if subscriptions.protocol == lambda then:
-- endpoint must be the ARN of a Lambda function
-- name must be the name of that Lambda function
- if subscriptions.protocol == email, then endpoint must be an email address
- Only the lambda and email subscriptions.protocol values are supported
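An added example of the data structure above, not taken from the module's own documentation: one purely email topic that omits iam_policy_statements (as this release allows) and one Lambda-subscribed topic that carries a topic policy statement with principals and conditions. The local name, account ID, region, ARNs and addresses are all constructed placeholders.

```hcl
# Constructed example; the local name and every ARN/address are placeholders.
locals {
  sns_topics = [
    # Email-only topic: iam_policy_statements is omitted entirely, so no
    # topic policy is rendered (previously an empty list still produced one).
    {
      suffix = "alerts"
      subscriptions = [
        { name = "oncall", protocol = "email", endpoint = "oncall@example.com" }
      ]
    },
    # Lambda-subscribed topic with a topic policy that only lets one AWS
    # service principal publish, and only from a specific source ARN pattern.
    {
      suffix = "events"
      subscriptions = [
        {
          name     = "process-events" # must be the Lambda function's name
          protocol = "lambda"
          # must be the same function's ARN
          endpoint = "arn:aws:lambda:eu-west-2:111122223333:function:process-events"
        }
      ]
      iam_policy_statements = [
        {
          sid       = "AllowEventBridgePublish" # no spaces or special characters
          actions   = ["sns:Publish"]
          # placeholder topic ARN; the real name depends on how the module
          # combines its prefix with the suffix
          resources = ["arn:aws:sns:eu-west-2:111122223333:events"]
          principals = [
            { type = "Service", identifiers = ["events.amazonaws.com"] }
          ]
          # conditions are optional; this one limits publishers to rules in
          # the same account and region
          conditions = [
            {
              test     = "ArnLike"
              variable = "aws:SourceArn"
              values   = ["arn:aws:events:eu-west-2:111122223333:rule/*"]
            }
          ]
        }
      ]
    }
  ]
}
```

Pass local.sns_topics to the module under whichever variable name it expects for this structure; leaving iam_policy_statements out of an entry is what keeps an email-only topic free of a topic policy.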
Feedback
Submit suggestions for improvements to [email protected].