Add sns-fifo-topic and sns-standard-topic modules (#9)

Author: posquit0

.github/labeler.yaml

@@ -3,3 +3,7 @@
 - modules/eventbridge-event-bus/**/*
 ":floppy_disk: msk-cluster":
 - modules/msk-cluster/**/*
+":floppy_disk: sns-fifo-topic":
+- modules/sns-fifo-topic/**/*
+":floppy_disk: sns-standard-topic":
+- modules/sns-standard-topic/**/*

.github/labels.yaml

@@ -46,3 +46,9 @@
 - color: "fbca04"
   description: "This issue or pull request is related to msk-cluster module."
   name: ":floppy_disk: msk-cluster"
+- color: "fbca04"
+  description: "This issue or pull request is related to sns-fifo-topic module."
+  name: ":floppy_disk: sns-fifo-topic"
+- color: "fbca04"
+  description: "This issue or pull request is related to sns-standard-topic module."
+  name: ":floppy_disk: sns-standard-topic"

README.md

@@ -8,6 +8,8 @@ Terraform module which creates messaging related resources on AWS.
 
 - [eventbridge-event-bus](./modules/eventbridge-event-bus)
 - [msk-cluster](./modules/msk-cluster)
+- [sns-fifo-topic](./modules/sns-fifo-topic)
+- [sns-standard-topic](./modules/sns-standard-topic)
 
 
 ## Target AWS Services
@@ -19,11 +21,19 @@ Terraform Modules from [this package](https://github.com/tedilabs/terraform-aws-
 - **AWS MSK (Managed Streaming for Apache Kafka)**
   - Cluster
 - **AWS SNS (Simple Notification Service)**
-  - Comming Soon!
+  - FIFO Topic
+  - Standard Topic
 - **AWS SQS (Simple Queue Service)**
   - Comming Soon!
 
 
+## Examples
+
+### SNS (Simple Notification Service)
+
+- [sns-standard-topic-email-subscription](./examples/sns-standard-topic-email-subscription)
+
+
 ## Self Promotion
 
 Like this project? Follow the repository on [GitHub](https://github.com/tedilabs/terraform-aws-messaging). And if you're feeling especially charitable, follow **[posquit0](https://github.com/posquit0)** on GitHub.

examples/sns-standard-topic-email-subscription/main.tf

@@ -0,0 +1,64 @@
+provider "aws" {
+  region = "us-east-1"
+}
+
+
+###################################################
+# SNS Topic
+###################################################
+
+module "topic" {
+  source = "../../modules/sns-standard-topic"
+  # source  = "tedilabs/messaging/aws//modules/sns-standard-topic"
+  # version = "~> 0.2.0"
+
+  name         = "standard-test-email"
+  display_name = "Standard Test Email"
+
+  subscriptions_by_email = [
+    {
+      email = "admin@example.com"
+    },
+    {
+      email = "admin+dlq@example.com"
+      redrive_policy = {
+        dead_letter_sqs_queue = "arn:aws:sqs:us-east-1:123456789123:test"
+      }
+    },
+    {
+      email = "admin+filter@example.com"
+      filter_policy = {
+        enabled = true
+        scope   = "ATTRIBUTES"
+        policy = jsonencode({
+          "store" = ["example_corp"]
+        })
+      }
+    },
+  ]
+  subscriptions_by_email_json = [
+    {
+      email = "admin@example.com"
+    },
+    {
+      email = "admin+dlq@example.com"
+      redrive_policy = {
+        dead_letter_sqs_queue = "arn:aws:sqs:us-east-1:123456789123:test"
+      }
+    },
+    {
+      email = "admin+filter@example.com"
+      filter_policy = {
+        enabled = true
+        scope   = "ATTRIBUTES"
+        policy = jsonencode({
+          "store" = ["example_corp"]
+        })
+      }
+    },
+  ]
+
+  tags = {
+    "project" = "terraform-aws-messaging-examples"
+  }
+}

examples/sns-standard-topic-email-subscription/outputs.tf

@@ -0,0 +1,4 @@
+output "topic" {
+  description = "The SNS topic."
+  value       = module.topic
+}

examples/sns-standard-topic-email-subscription/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = "~> 1.5"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}

modules/sns-fifo-topic/README.md

@@ -0,0 +1,70 @@
+# sns-fifo-topic
+
+This module creates following resources.
+
+- `aws_sns_topic`
+- `aws_sns_topic_policy` (optional)
+- `aws_sns_topic_subscription` (optional)
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.5 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_resource_group"></a> [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_sns_topic.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
+| [aws_sns_topic_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_policy) | resource |
+| [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_name"></a> [name](#input\_name) | (Required) The name of the SNS topic. Topic names must be made up of only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 256 characters long. For a FIFO (first-in-first-out) topic, the name must end with the `.fifo` suffix. | `string` | n/a | yes |
+| <a name="input_content_based_deduplication"></a> [content\_based\_deduplication](#input\_content\_based\_deduplication) | (Optional) Whether to enable default message deduplication based on message content. If set to `false`, a deduplication ID must be provided for every publish request. | `bool` | `false` | no |
+| <a name="input_display_name"></a> [display\_name](#input\_display\_name) | (Optional) The display name to use for a topic with SMS subscriptions. | `string` | `""` | no |
+| <a name="input_encryption_at_rest"></a> [encryption\_at\_rest](#input\_encryption\_at\_rest) | (Optional) A configuration to encrypt at rest in the SNS topic. Amazon SNS provides in-transit encryption by default. Enabling server-side encryption adds at-rest encryption to your topic. Amazon SNS encrypts your message as soon as it is received. The message is decrypted immediately prior to delivery. `encryption_at_rest` as defined below.<br>    (Optional) `enabled` - Whether to enable encryption at rest. Defaults to `false`.<br>    (Optional) `kms_key` - The ID of AWS KMS CMK (Customer Master Key) used for the encryption. | <pre>object({<br>    enabled = optional(bool, false)<br>    kms_key = optional(string)<br>  })</pre> | `{}` | no |
+| <a name="input_module_tags_enabled"></a> [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no |
+| <a name="input_policy"></a> [policy](#input\_policy) | (Optional) A valid policy JSON document. The resource-based policy defines who can publish or subscribe to the SNS topic. | `string` | `null` | no |
+| <a name="input_resource_group_description"></a> [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no |
+| <a name="input_resource_group_enabled"></a> [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no |
+| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no |
+| <a name="input_signature_version"></a> [signature\_version](#input\_signature\_version) | (Optional) The signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS. Defaults to `1`. | `number` | `1` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
+| <a name="input_xray_tracing_enabled"></a> [xray\_tracing\_enabled](#input\_xray\_tracing\_enabled) | (Optional) Whether to activate AWS X-Ray Active Tracing mode for the SNS topic. If set to Active, Amazon SNS will vend X-Ray segment data to topic owner account if the sampled flag in the tracing header is true. Defaults to `false`, and the topic passes through the tracing header it receives from an Amazon SNS publisher to its subscriptions. | `bool` | `false` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_arn"></a> [arn](#output\_arn) | The ARN of the SNS topic. |
+| <a name="output_content_based_deduplication"></a> [content\_based\_deduplication](#output\_content\_based\_deduplication) | Whether to enable default message deduplication based on message content. |
+| <a name="output_display_name"></a> [display\_name](#output\_display\_name) | The display name for a topic with SMS subscriptions. |
+| <a name="output_encryption_at_rest"></a> [encryption\_at\_rest](#output\_encryption\_at\_rest) | A configuration to encrypt at rest in the SNS topic. |
+| <a name="output_id"></a> [id](#output\_id) | The ID of the SNS topic. |
+| <a name="output_name"></a> [name](#output\_name) | The name for the SNS topic. |
+| <a name="output_owner"></a> [owner](#output\_owner) | The AWS Account ID of the SNS topic owner. |
+| <a name="output_signature_version"></a> [signature\_version](#output\_signature\_version) | The signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS. |
+| <a name="output_type"></a> [type](#output\_type) | The type of the SNS topic. |
+| <a name="output_xray_tracing_enabled"></a> [xray\_tracing\_enabled](#output\_xray\_tracing\_enabled) | Whether to activate AWS X-Ray Active Tracing mode for the SNS topic. |
+| <a name="output_z"></a> [z](#output\_z) | The list of log streams for the log group. |
+| <a name="output_zz"></a> [zz](#output\_zz) | The list of log streams for the log group. |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/sns-fifo-topic/main.tf

@@ -0,0 +1,74 @@
+locals {
+  metadata = {
+    package = "terraform-aws-messaging"
+    version = trimspace(file("${path.module}/../../VERSION"))
+    module  = basename(path.module)
+    name    = var.name
+  }
+  module_tags = var.module_tags_enabled ? {
+    "module.terraform.io/package"   = local.metadata.package
+    "module.terraform.io/version"   = local.metadata.version
+    "module.terraform.io/name"      = local.metadata.module
+    "module.terraform.io/full-name" = "${local.metadata.package}/${local.metadata.module}"
+    "module.terraform.io/instance"  = local.metadata.name
+  } : {}
+}
+
+
+###################################################
+# SNS Topic
+###################################################
+
+# INFO: Not supported attributes
+# - `name_prefix`
+# - `delivery_policy`
+resource "aws_sns_topic" "this" {
+  name         = var.name
+  display_name = var.display_name
+  fifo_topic   = true
+
+  content_based_deduplication = var.content_based_deduplication
+
+
+  ## Observability
+  tracing_config = (var.xray_tracing_enabled
+    ? "Active"
+    : "PassThrough"
+  )
+
+
+  ## Encryption
+  signature_version = var.signature_version
+  kms_master_key_id = (var.encryption_at_rest.enabled
+    ? var.encryption_at_rest.kms_key
+    : null
+  )
+
+  # application_success_feedback_role_arn - (Optional) The IAM role permitted to receive success feedback for this topic
+  # application_success_feedback_sample_rate - (Optional) Percentage of success to sample
+  # application_failure_feedback_role_arn - (Optional) IAM role for failure feedback
+
+  # http_success_feedback_role_arn - (Optional) The IAM role permitted to receive success feedback for this topic
+  # http_success_feedback_sample_rate - (Optional) Percentage of success to sample
+  # http_failure_feedback_role_arn - (Optional) IAM role for failure feedback
+
+  # lambda_success_feedback_role_arn - (Optional) The IAM role permitted to receive success feedback for this topic
+  # lambda_success_feedback_sample_rate - (Optional) Percentage of success to sample
+  # lambda_failure_feedback_role_arn - (Optional) IAM role for failure feedback
+
+  # sqs_success_feedback_role_arn - (Optional) The IAM role permitted to receive success feedback for this topic
+  # sqs_success_feedback_sample_rate - (Optional) Percentage of success to sample
+  # sqs_failure_feedback_role_arn - (Optional) IAM role for failure feedback
+
+  # firehose_success_feedback_role_arn - (Optional) The IAM role permitted to receive success feedback for this topic
+  # firehose_success_feedback_sample_rate - (Optional) Percentage of success to sample
+  # firehose_failure_feedback_role_arn
+
+  tags = merge(
+    {
+      "Name" = local.metadata.name
+    },
+    local.module_tags,
+    var.tags,
+  )
+}

modules/sns-fifo-topic/outputs.tf

@@ -0,0 +1,68 @@
+output "arn" {
+  description = "The ARN of the SNS topic."
+  value       = aws_sns_topic.this.arn
+}
+
+output "id" {
+  description = "The ID of the SNS topic."
+  value       = aws_sns_topic.this.id
+}
+
+output "owner" {
+  description = "The AWS Account ID of the SNS topic owner."
+  value       = aws_sns_topic.this.owner
+}
+
+output "name" {
+  description = "The name for the SNS topic."
+  value       = aws_sns_topic.this.name
+}
+
+output "display_name" {
+  description = "The display name for a topic with SMS subscriptions."
+  value       = aws_sns_topic.this.display_name
+}
+
+output "type" {
+  description = "The type of the SNS topic."
+  value       = "FIFO"
+}
+
+output "content_based_deduplication" {
+  description = "Whether to enable default message deduplication based on message content."
+  value       = aws_sns_topic.this.content_based_deduplication
+}
+
+output "xray_tracing_enabled" {
+  description = "Whether to activate AWS X-Ray Active Tracing mode for the SNS topic."
+  value       = aws_sns_topic.this.tracing_config == "Active"
+}
+
+output "signature_version" {
+  description = "The signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS."
+  value       = aws_sns_topic.this.signature_version
+}
+
+output "encryption_at_rest" {
+  description = "A configuration to encrypt at rest in the SNS topic."
+  value = {
+    enabled = var.encryption_at_rest.enabled
+    kms_key = aws_sns_topic.this.kms_master_key_id
+  }
+}
+
+output "z" {
+  description = "The list of log streams for the log group."
+  value = {
+    for k, v in aws_sns_topic.this :
+    k => v
+    if !contains(["id", "arn", "name", "name_prefix", "display_name", "owner", "tags", "tags_all", "signature_version", "kms_master_key_id", "tracing_config", "content_based_deduplication", "fifo_topic"], k)
+  }
+}
+
+output "zz" {
+  description = "The list of log streams for the log group."
+  value = {
+    policy = aws_sns_topic_policy.this
+  }
+}

modules/sns-fifo-topic/policies.tf

@@ -0,0 +1,17 @@
+###################################################
+# Policy for SNS Topic
+###################################################
+
+data "aws_iam_policy_document" "this" {
+  source_policy_documents = concat(
+    []
+  )
+  override_policy_documents = var.policy != null ? [var.policy] : null
+}
+
+resource "aws_sns_topic_policy" "this" {
+  count = var.policy != null ? 1 : 0
+
+  arn    = aws_sns_topic.this.arn
+  policy = data.aws_iam_policy_document.this.json
+}

modules/sns-fifo-topic/resource-group.tf

@@ -0,0 +1,31 @@
+locals {
+  resource_group_name = (var.resource_group_name != ""
+    ? var.resource_group_name
+    : join(".", [
+      local.metadata.package,
+      local.metadata.module,
+      replace(local.metadata.name, "/[^a-zA-Z0-9_\\.-]/", "-"),
+    ])
+  )
+}
+
+
+module "resource_group" {
+  source  = "tedilabs/misc/aws//modules/resource-group"
+  version = "~> 0.10.0"
+
+  count = (var.resource_group_enabled && var.module_tags_enabled) ? 1 : 0
+
+  name        = local.resource_group_name
+  description = var.resource_group_description
+
+  query = {
+    resource_tags = local.module_tags
+  }
+
+  module_tags_enabled = false
+  tags = merge(
+    local.module_tags,
+    var.tags,
+  )
+}