feat: add Mock daac lambda logic (#398)

* chore: method to subscribe to sns from sqs

* feat: adding infrastructure for archive daac

* feat: adding percolator

* feat: add method to migrate data

* feat: add migration logic to the real code

* chore: move granules index to correct location

* feat: (in progress) adding daac config crud ops

* feat: finished adding CRUDS for daac config

* fix: need to authorizer if user is authorized for current collection + set tenant & venue for DB

* fix: updating errors based on testcase

* fix: adding log statement

* fix: mistaken perc alias v. normal alias

* fix: saved search are not in correct place in mapping

* chore: adding log statement to see the problem

* fix: add it at the correct place

* fix: add test case + update errors based on those

* feat: adding mock daac lambda logic + terraform

* fix: adding iam creations

* fix: add vpc related iam permissions

* fix: add test case and check some bugs + get terraform working

* fix: disable s3 logic for now

* fix: update terraform to get things running

Author: wphyojpl

cumulus_lambda_functions/lib/aws/aws_message_transformers.py

@@ -23,6 +23,24 @@ class AwsMessageTransformers:
         },
         'required': ['Records']
     }
+    SNS_EVENT_SCHEMA = {
+        'type': 'object',
+        'properties': {
+            'Records': {
+                'type': 'array',
+                'minItems': 1,
+                'maxItems': 1,
+                'items': {
+                    'type': 'object',
+                    'properties': {
+                        'Sns': {'type': 'object'}
+                    },
+                    'required': ['Sns']
+                }
+            }
+        },
+        'required': ['Records']
+    }
 
     SNS_SCHEMA = {
         "type": "object",
@@ -86,10 +104,22 @@ def sqs_sns(self, raw_msg: json):
         sns_msg_body = json.loads(sns_msg_body)
         return sns_msg_body
 
+    def get_message_from_sns_event(self, raw_msg: json):
+        result = JsonValidator(self.SNS_EVENT_SCHEMA).validate(raw_msg)
+        if result is not None:
+            raise ValueError(f'input json has SNS_EVENT_SCHEMA validation errors: {result}')
+        sns_msg = raw_msg['Records'][0]['Sns']
+        result = JsonValidator(self.SNS_SCHEMA).validate(sns_msg)
+        if result is not None:
+            raise ValueError(f'input json has SNS validation errors: {result}')
+        sns_msg_body = sns_msg['Message']
+        sns_msg_body = json.loads(sns_msg_body)
+        return sns_msg_body
+
     def get_s3_from_sns(self, sns_msg_body):
         result = JsonValidator(self.S3_RECORD_SCHEMA).validate(sns_msg_body)
         if result is not None:
-            raise ValueError(f'sqs_msg did not pass SQS_MSG_SCHEMA: {result}')
+            raise ValueError(f'sns_msg_body did not pass S3_RECORD_SCHEMA: {result}')
         s3_summary = {
             'eventName': sns_msg_body['Records'][0]['eventName'],
             'bucket': sns_msg_body['Records'][0]['s3']['bucket']['name'],

cumulus_lambda_functions/lib/uds_db/archive_index.py

@@ -1,5 +1,4 @@
 from cumulus_lambda_functions.lib.json_validator import JsonValidator
-
 from cumulus_lambda_functions.lib.uds_db.db_constants import DBConstants
 
 from cumulus_lambda_functions.lib.aws.es_abstract import ESAbstract

cumulus_lambda_functions/mock_daac/lambda_function.py

@@ -1,4 +1,5 @@
 from cumulus_lambda_functions.lib.lambda_logger_generator import LambdaLoggerGenerator
+from cumulus_lambda_functions.mock_daac.mock_daac_logic import MockDaacLogic
 
 
 def lambda_handler(event, context):
@@ -9,5 +10,5 @@ def lambda_handler(event, context):
     {'Records': [{'messageId': '6ff7c6fd-4053-4ab4-bc12-c042be1ed275', 'receiptHandle': 'AQEBYASiFPjQT5JBI2KKCTF/uQhHfJt/tHhgucslQQdvkNVxcXCNi2E5Ux4U9N0eu7RfvlnvtycjUh0gdL7jIeoyH+VRKSF61uAJuT4p31BsNe0GYu49N9A6+kxjP/RrykR7ZofmQRdHToX1ugRc76SMRic4H/ZZ89YAHA2QeomJFMrYywIxlk8OAzYaBf2dQI7WexjY5u1CW00XNMbTGyTo4foVPxcSn6bdFpfgxW/L7yJMX/0YQvrA9ruiuQ+lrui+6fWYh5zEk3f5v1bYtUQ6DtyyfbtMHZQJTJpUlWAFRzzN+3melilH7FySyOGDXhPb0BOSzmdKq9wBbfLW/YPb7l99ejq4GfRfj8LyI4EtB96vTeUw4LCgUqbZcBrxbGBLUXMacweh+gCjHav9ylqr2SeOiqG3vWPq9pwFYQIDqNE=', 'body': '{\n  "Type" : "Notification",\n  "MessageId" : "33e1075a-435c-5217-a33d-59fae85e19b2",\n  "TopicArn" : "arn:aws:sns:us-west-2:237868187491:uds-sbx-cumulus-granules_cnm_ingester",\n  "Subject" : "Amazon S3 Notification",\n  "Message" : "{\\"Service\\":\\"Amazon S3\\",\\"Event\\":\\"s3:TestEvent\\",\\"Time\\":\\"2024-04-22T18:13:22.416Z\\",\\"Bucket\\":\\"uds-sbx-cumulus-staging\\",\\"RequestId\\":\\"DQ4T0GRVFPSX45C9\\",\\"HostId\\":\\"gHBFnYNmfnGDZBmqoQwA3RScjtjBk5lr426moGxu8IDpe5UhWAqNTxHqilWBoPN1njzIrzNrf8c=\\"}",\n  "Timestamp" : "2024-04-22T18:13:22.434Z",\n  "SignatureVersion" : "1",\n  "Signature" : "RvSxqpU7J7CCJXbin9cXqTxzjMjgAUFtk/n454mTMcOe5x3Ay1w4AHfzyeYQCFBdLHNBa8n3OdMDoDlJqyVQMb8k+nERaiZWN2oqFVDRqT9pqSr89b+4FwlhPv6TYy2pBa/bgjZ4cOSYsey1uSQ3hjl0idfssvuV5cCRxQScbA+yu8Gcv9K7Oqgy01mC0sDHiuPIifhFXxupG5ygbjqoHIB+1gdMEbBwyixoY5GOpHM/O2uHNF+dJDjax1WMxQ2FzVjiFeCa+tNcjovF059+tx2v1YmDq/kEAFrN6DAtP6R4zKag62P9jkvjU/wHYJ2jjXmZAqoG+nuzAo24HiZPSw==",\n  "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-60eadc530605d63b8e62a523676ef735.pem",\n  "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:237868187491:uds-sbx-cumulus-granules_cnm_ingester:76cbefa1-addf-45c2-97e1-ae16986b195b"\n}', 'attributes': {'ApproximateReceiveCount': '1', 'SentTimestamp': '1713809602474', 'SenderId': 'AIDAIYLAVTDLUXBIEIX46', 'ApproximateFirstReceiveTimestamp': '1713809602483'}, 'messageAttributes': {}, 'md5OfBody': 'c6d06d1b742ad5bd2cfe5f542640aad2', 'eventSource': 'aws:sqs', 'eventSourceARN': 'arn:aws:sqs:us-west-2:237868187491:uds-sbx-cumulus-granules_cnm_ingester', 'awsRegion': 'us-west-2'}]}
     """
     LambdaLoggerGenerator.remove_default_handlers()
-    print('To be implemented later')
+    MockDaacLogic().start(event)
     return

cumulus_lambda_functions/mock_daac/mock_daac_logic.py

@@ -0,0 +1,95 @@
+import json
+import os
+import random
+
+import requests
+from cumulus_lambda_functions.lib.json_validator import JsonValidator
+
+from cumulus_lambda_functions.lib.aws.aws_message_transformers import AwsMessageTransformers
+from cumulus_lambda_functions.lib.aws.aws_s3 import AwsS3
+
+from cumulus_lambda_functions.lib.lambda_logger_generator import LambdaLoggerGenerator
+
+from cumulus_lambda_functions.lib.time_utils import TimeUtils
+
+from cumulus_lambda_functions.lib.aws.aws_sns import AwsSns
+LOGGER = LambdaLoggerGenerator.get_logger(__name__, LambdaLoggerGenerator.get_level_from_env())
+
+
+class MockDaacLogic:
+    NO_RESPONSE_PERC = 'NO_RESPONSE_PERC'
+    NO_RESPONSE_PERC_DEFAULT = .25
+    FAIL_PERC = 'FAIL_PERC'
+    FAIL_PERC_DEFAULT = .25
+    UDS_ARCHIVE_SNS_TOPIC_ARN = 'UDS_ARCHIVE_SNS_TOPIC_ARN'
+
+    def __init__(self):
+        self.__no_response_percentage = float(os.environ.get(self.NO_RESPONSE_PERC, self.NO_RESPONSE_PERC_DEFAULT))
+        self.__fail_percentage = float(os.environ.get(self.NO_RESPONSE_PERC, self.NO_RESPONSE_PERC_DEFAULT))
+        self.__fail_percentage += self.__no_response_percentage
+        self.__sns_topic_arn = os.environ.get(self.UDS_ARCHIVE_SNS_TOPIC_ARN)
+        self.__sns = AwsSns().set_topic_arn(self.__sns_topic_arn)
+        self.__response_message = {}
+        self.__s3 = AwsS3()
+
+    def __send_random_result(self):
+        # https://github.com/podaac/cloud-notification-message-schema?tab=readme-ov-file#response-message-fields
+        random_success = random.uniform(0, 1)
+        if random_success < self.__no_response_percentage:
+            LOGGER.debug(f'intentionally not sending any message')
+            return
+        if random_success < self.__fail_percentage:
+            LOGGER.debug(f'sending failure message')
+            self.__response_message['response'] = {
+                'status': 'FAILURE',
+                'errorCode': ["VALIDATION_ERROR", "PROCESSING_ERROR", "TRANSFER_ERROR"][random.randint(0, 2)],
+                'errorMessage': 'This is a sample failure message',
+            }
+            sns_response = self.__sns.publish_message(json.dumps(self.__response_message))
+            LOGGER.debug(f'sns_response: {sns_response}')
+            return
+        self.__response_message['response'] = {
+            'status': 'SUCCESS',
+        }
+        LOGGER.debug(f'sending success message')
+        sns_response = self.__sns.publish_message(json.dumps(self.__response_message))
+        LOGGER.debug(f'sns_response: {sns_response}')
+        return
+
+    def __check_s3_file(self, input_files: list):
+        for each_file in input_files:
+            s3_obj_size = self.__s3.set_s3_url(each_file['uri']).get_s3_obj_size()
+            print(f'{each_file}: {s3_obj_size}')
+        return
+
+
+    def start(self, event):
+        LOGGER.debug(f'event: {event}')
+        """
+        event: {'Records': [{'EventSource': 'aws:sns', 'EventVersion': '1.0', 'EventSubscriptionArn': 'arn:aws:sns:us-west-2:429178552491:uds-sbx-cumulus-mock_daac_cnm_sns:35fc364f-2c1a-4139-af3f-bbc2921ea50b', 'Sns': {'Type': 'Notification', 'MessageId': '2f324e04-4d7b-5f56-a46e-1110e4ac1f51', 'TopicArn': 'arn:aws:sns:us-west-2:429178552491:uds-sbx-cumulus-mock_daac_cnm_sns', 'Subject': None, 'Message': 'asfdsadfsa', 'Timestamp': '2024-07-19T17:51:19.598Z', 'SignatureVersion': '1', 'Signature': 'Bh1CYWOwQrPcF7C7pOZ3h8khg9W2P01C8XhnIFQ0GE1H7vkXHm/vjLRFJbL0e2/6I0M2rlMJwSC/doS87PNCZ9NW+QPhyr/LmfSib1rfqbGMSIVBA3V1VbXokwvYqTwE05S8+UltEhezgexqDqxd/37WPB9iFOK0v3S5XTvNDRelQJUcTUpy8Ts/F2xFB0vgjKvdTQg+c3KDNIUzukcvNexDVfrp8QMEv/7/kO8A5JVYu0HagiBcIdVWPhgFjtTdcs0A3qSYx5C+sqoSX2Cb+opUZESQ9iNax5vZ1nZxokicSFqOts8uoSNDBE9x695BBET9IRD140bE3iF7xT5ZOQ==', 'SigningCertUrl': 'https://sns.us-west-2.amazonaws.com/SimpleNotificationService-60eadc530605d63b8e62a523676ef735.pem', 'UnsubscribeUrl': 'https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:429178552491:uds-sbx-cumulus-mock_daac_cnm_sns:35fc364f-2c1a-4139-af3f-bbc2921ea50b', 'MessageAttributes': {}}}]}
+        """
+        input_event = AwsMessageTransformers().get_message_from_sns_event(event)
+        LOGGER.debug(f'input_event: {input_event}')
+        # Check input message is validated according to https://github.com/podaac/cloud-notification-message-schema?tab=readme-ov-file#notification-message-fields
+
+        # validate using this: https://raw.githubusercontent.com/podaac/cloud-notification-message-schema/v1.6.1/cumulus_sns_schema.json
+        cnm_msg_schema = requests.get('https://raw.githubusercontent.com/podaac/cloud-notification-message-schema/v1.6.1/cumulus_sns_schema.json')
+        cnm_msg_schema.raise_for_status()
+        cnm_msg_schema = json.loads(cnm_msg_schema.text)
+        result = JsonValidator(cnm_msg_schema).validate(input_event)
+        if result is not None:
+            raise ValueError(f'input cnm event has cnm_msg_schema validation errors: {result}')
+
+        # Check if S3 can be downloaded
+        # self.__check_s3_file(input_event['product']['files'])
+        # .25/.25/.50 P() on No send, send failure, send success
+        # Return with this message: https://github.com/podaac/cloud-notification-message-schema?tab=readme-ov-file#response-message-fields
+        self.__response_message = {
+            'submissionTime': f'{TimeUtils.get_current_time()}Z',
+            'receivedTime': input_event['submissionTime'],
+            'processCompleteTime': f'{TimeUtils.get_current_time()}Z',
+            'collection': input_event['collection'],
+            'identifier': input_event['identifier'],
+        }
+        self.__send_random_result()
+        return

tests/mock_daac/__init__.py

@@ -0,0 +1,62 @@
+import json
+from unittest import TestCase
+
+from cumulus_lambda_functions.lib.time_utils import TimeUtils
+
+from cumulus_lambda_functions.mock_daac.mock_daac_logic import MockDaacLogic
+
+
+class TestMockDaacLogic(TestCase):
+    def test_01(self):
+        sample_cnm_message = {
+            "collection": "MY_DAAC",
+            "identifier": "URN:NASA:UNITY:UDS_LOCAL_TEST:DEV:UDS_COLLECTION___2404251100:abcd.1234.efgh.test_file05",
+            "submissionTime": f'{TimeUtils.get_current_time()}Z',
+            "provider": "DEV",  # TODO need to pull this from granule ID
+            "version": "1.6.0",
+            "product": {
+                "name": "UDS_COLLECTION___2404251100:abcd.1234.efgh.test_file05",  # TODO extract granule ID Everything after tenant/venue."
+                "dataVersion": "123",  # TODO ask user to provide it in config,
+                "files": [
+                    {
+                        "name": "abcd.1234.efgh.test_file05.data.stac.json",
+                        "type": "data",
+                        "uri": "s3://unity-dev-cumulus-unity-william-test-1/URN:NASA:UNITY:UDS_LOCAL_TEST:DEV:UDS_COLLECTION___2404251100/URN:NASA:UNITY:UDS_LOCAL_TEST:DEV:UDS_COLLECTION___2404251100:abcd.1234.efgh.test_file05/abcd.1234.efgh.test_file05.data.stac.json",
+                        "checksumType": "md5",
+                        "checksum": "unknown",
+                        "size": -1
+                    },
+                    {
+                        "name": "abcd.1234.efgh.test_file05.nc.cas",
+                        "type": "metadata",
+                        "uri": "s3://unity-dev-cumulus-unity-william-test-1/URN:NASA:UNITY:UDS_LOCAL_TEST:DEV:UDS_COLLECTION___2404251100/URN:NASA:UNITY:UDS_LOCAL_TEST:DEV:UDS_COLLECTION___2404251100:abcd.1234.efgh.test_file05/abcd.1234.efgh.test_file05.nc.cas",
+                        "checksumType": "md5",
+                        "checksum": "unknown",
+                        "size": -1
+                    },
+                    {
+                        "name": "abcd.1234.efgh.test_file05.nc.stac.json",
+                        "type": "metadata",
+                        "uri": "s3://unity-dev-cumulus-unity-william-test-1/URN:NASA:UNITY:UDS_LOCAL_TEST:DEV:UDS_COLLECTION___2404251100/URN:NASA:UNITY:UDS_LOCAL_TEST:DEV:UDS_COLLECTION___2404251100:abcd.1234.efgh.test_file05/abcd.1234.efgh.test_file05.nc.stac.json",
+                        "checksumType": "md5",
+                        "checksum": "unknown",
+                        "size": -1
+                    }
+                ]
+            }
+        }
+        input_event = {'Records': [{
+            'EventSource': 'aws:sns',
+            'EventVersion': '1.0',
+            'EventSubscriptionArn': 'arn:aws:sns:us-west-2:xxx:uds-sbx-cumulus-mock_daac_cnm_sns:xxx-2c1a-4139-af3f-bbc2921ea50b',
+            'Sns': {'Type': 'Notification', 'MessageId': 'xxx-4d7b-5f56-a46e-1110e4ac1f51',
+                    'TopicArn': 'arn:aws:sns:us-west-2:xxx:uds-sbx-cumulus-mock_daac_cnm_sns',
+                    'Subject': '',  # TODO will this always be present?
+                    'Message': json.dumps(sample_cnm_message),
+                    'Timestamp': '2024-07-19T17:51:19.598Z', 'SignatureVersion': '1',
+                    'Signature': 'xxx/vjLRFJbL0e2/6I0M2rlMJwSC/doS87PNCZ9NW+QPhyr/LmfSib1rfqbGMSIVBA3V1VbXokwvYqTwE05S8+UltEhezgexqDqxd/xxx/F2xFB0vgjKvdTQg+c3KDNIUzukcvNexDVfrp8QMEv/7/kO8A5JVYu0HagiBcIdVWPhgFjtTdcs0A3qSYx5C+sqoSX2Cb+opUZESQ9iNax5vZ1nZxokicSFqOts8uoSNDBE9x695BBET9IRD140bE3iF7xT5ZOQ==', 'SigningCertUrl': 'https://sns.us-west-2.amazonaws.com/SimpleNotificationService-60eadc530605d63b8e62a523676ef735.pem',
+                    'UnsubscribeUrl': 'https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:xx:uds-sbx-cumulus-mock_daac_cnm_sns:xxx-2c1a-4139-af3f-bbc2921ea50b',
+                    'MessageAttributes': {}}
+        }]}
+        MockDaacLogic().start(input_event)
+        return

tests/mock_daac/test_mock_daac_logic.py

@@ -25,7 +25,7 @@ resource "aws_security_group" "unity_cumulus_lambda_sg" {
   tags = var.tags
 }
 
-data "aws_iam_policy_document" "lambda_assume_role_policy" {
+data "aws_iam_policy_document" "mock_daac_lambda_assume_role_policy" {
   statement {
     principals {
       type        = "Service"
@@ -35,17 +35,89 @@ data "aws_iam_policy_document" "lambda_assume_role_policy" {
   }
 }
 
+
+# IAM Role for Lambda Function
+resource "aws_iam_role" "mock_daac_lambda_role" {
+  name = "${var.prefix}-mock_daac_lambda_role"
+  permissions_boundary = "arn:aws:iam::${local.account_id}:policy/mcp-tenantOperator-AMI-APIG"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Principal = {
+          Service = "lambda.amazonaws.com"
+        },
+        Action = "sts:AssumeRole"
+      }
+    ]
+  })
+}
+
+
+# IAM Policy for accessing S3 and SNS in other accounts
+resource "aws_iam_policy" "mock_daac_lambda_policy" {
+  name        = "${var.prefix}-mock_daac_lambda_policy"
+  description = "IAM policy for Lambda to access S3 bucket and publish to SNS topic in another account"
+  policy = jsonencode({
+    Version = "2012-10-17",
+    Statement = [
+      {
+        Effect = "Allow",
+        Action = [
+          "ec2:DescribeNetworkInterfaces",
+          "ec2:CreateNetworkInterface",
+          "ec2:DeleteNetworkInterface",
+          "ec2:DescribeInstances",
+          "ec2:AttachNetworkInterface",
+          "logs:PutLogEvents",
+          "logs:DescribeLogStreams",
+          "logs:CreateLogStream",
+          "logs:CreateLogGroup",
+        ],
+        "Resource": "*"
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "s3:GetObject*",
+          "s3:PutObject"
+        ],
+        Resource = "arn:aws:s3:::/*unity*/*"
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "sns:Publish"
+        ],
+        Resource = "arn:aws:sns:${var.uds_region}:${var.uds_account}:${var.uds_prefix}-daac_archiver"
+      }
+    ]
+  })
+}
+
+# Attach policy to the role
+resource "aws_iam_role_policy_attachment" "mock_daac_lambda_policy_attachment" {
+  role       = aws_iam_role.mock_daac_lambda_role.name
+  policy_arn = aws_iam_policy.mock_daac_lambda_policy.arn
+}
+
+
 resource "aws_lambda_function" "mock_daac_lambda" {
   filename      = local.lambda_file_name
   source_code_hash = filebase64sha256(local.lambda_file_name)
   function_name = "${var.prefix}-mock_daac_lambda"
-  role          = var.lambda_processing_role_arn
+  role          = aws_iam_role.mock_daac_lambda_role.arn
   handler       = "cumulus_lambda_functions.mock_daac.lambda_function.lambda_handler"
   runtime       = "python3.9"
   timeout       = 300
   environment {
     variables = {
       LOG_LEVEL = var.log_level
+      NO_RESPONSE_PERC = var.no_response_perc
+      FAIL_PERC = var.no_response_perc
+      FAIL_PERC = var.fail_perc
+      UDS_ARCHIVE_SNS_TOPIC_ARN = "arn:aws:sns:${var.uds_region}:${var.uds_account}:${var.uds_prefix}-daac_archiver"
     }
   }
 
@@ -59,4 +131,33 @@ resource "aws_lambda_function" "mock_daac_lambda" {
 resource "aws_sns_topic" "mock_daac_cnm_sns" {
   name = "${var.prefix}-mock_daac_cnm_sns"
   tags = var.tags
+}
+
+resource "aws_sns_topic_policy" "granules_cnm_ingester_policy" {
+  arn = aws_sns_topic.mock_daac_cnm_sns.arn
+  policy = templatefile("${path.module}/mock_daac_sns_policy.json", {
+    region: var.aws_region,
+    accountId: local.account_id,
+    snsName: "${var.prefix}-granules_cnm_ingester",
+    prefix: var.prefix,
+
+    uds_region: var.uds_region,
+    uds_accountId: var.uds_account,
+    uds_prefix: var.uds_prefix,
+  })
+}
+
+resource "aws_sns_topic_subscription" "mock_daac_cnm_sns" { // https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription
+  topic_arn = aws_sns_topic.mock_daac_cnm_sns.arn
+  protocol  = "lambda"
+  endpoint  = aws_lambda_function.mock_daac_lambda.arn
+#  filter_policy_scope = "MessageBody"  // MessageAttributes. not using attributes
+#  filter_policy = templatefile("${path.module}/ideas_api_job_results_filter_policy.json", {})
+}
+
+resource "aws_lambda_permission" "kinesis_fallback" {
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.mock_daac_lambda.arn
+  principal     = "sns.amazonaws.com"
+  source_arn    = aws_sns_topic.mock_daac_cnm_sns.arn
 }

tf-module/mock_daac/main.tf

@@ -0,0 +1,28 @@
+{
+  "Version": "2008-10-17",
+  "Id": "__default_policy_ID",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": ["lambda.amazonaws.com"]
+      },
+      "Action": [
+        "SNS:GetTopicAttributes",
+        "SNS:SetTopicAttributes",
+        "SNS:AddPermission",
+        "SNS:RemovePermission",
+        "SNS:DeleteTopic",
+        "SNS:Subscribe",
+        "SNS:ListSubscriptionsByTopic",
+        "SNS:Publish"
+      ],
+      "Resource": "arn:aws:sns:${region}:${accountId}:${snsName}",
+      "Condition": {
+        "ArnLike": {
+          "aws:SourceArn": ["arn:aws:lambda:${uds_region}:${uds_accountId}:${uds_prefix}-daac_archiver", "arn:aws:lambda:${region}:${accountId}:${prefix}-mock_daac_lambda"]
+        }
+      }
+    }
+  ]
+}