Fix SNS policy & raw_message_delivery default option

binbashar · Oct 26, 2021 · c4ddf1d · c4ddf1d
1 parent 69769ea
commit c4ddf1d
Showing 1 changed file with 20 additions and 4 deletions.
diff --git a/root/us-east-1/notifications/sms_tools_monitoring.tf b/root/us-east-1/notifications/sms_tools_monitoring.tf
@@ -8,21 +8,37 @@ module "notify_sms" {
       protocol               = "sms"
       endpoint               = data.vault_generic_secret.notifications.data["phone1"]
       endpoint_auto_confirms = true
-      raw_message_delivery   = true
+      raw_message_delivery   = false
     }
     #phone2 = {
     #  protocol               = "sms"
     #  endpoint               = data.vault_generic_secret.notifications.data["phone2"]
     #  endpoint_auto_confirms = true
-    #  raw_message_delivery   = true
+    #  raw_message_delivery   = false
     #}
     #phone3 = {
     #  protocol               = "sms"
     #  endpoint               = data.vault_generic_secret.notifications.data["phone3"]
     #  endpoint_auto_confirms = true
-    #  raw_message_delivery   = true
+    #  raw_message_delivery   = false
     #}
   }
 
-  sqs_dlq_enabled = false
+  # Policy
+  sns_topic_policy_json = join("", data.aws_iam_policy_document.aws_sns_topic_policy.*.json)
+
+}
+
+data "aws_iam_policy_document" "aws_sns_topic_policy" {
+
+  policy_id = "SNSTopicsPub"
+  statement {
+    principals {
+      type        = "AWS"
+      identifiers = ["*"]
+    }
+    effect    = "Allow"
+    actions   = ["sns:Publish"]
+    resources = ["arn:aws:sns:${var.region}:${var.root_account_id}:${var.sns_topic_name_sms}"]
+  }
 }