Update_010224_3

terraform/environments/ppud/iam.tf

@@ -185,6 +185,8 @@ resource "aws_iam_role_policy_attachment" "attach_lambda_policy_to_lambda_role"
 # SNS IAM Policies
 ###################
 
+## Production
+
 data "aws_iam_policy_document" "sns_topic_policy_ec2cw" {
   count     = local.is-production == true ? 1 : 0
   policy_id = "SnsTopicId"
@@ -218,6 +220,41 @@ data "aws_iam_policy_document" "sns_topic_policy_ec2cw" {
   }
 }
 
+## UAT
+
+data "aws_iam_policy_document" "sns_topic_policy_uat_ec2cw" {
+  count = local.is-preproduction == true ? 1 : 0
+  policy_id = "SnsUATTopicId"
+  statement {
+    sid = "statement1"
+    principals {
+      type        = "AWS"
+      identifiers = ["*"]
+    }
+    effect = "Allow"
+    actions = [
+      "SNS:GetTopicAttributes",
+      "SNS:SetTopicAttributes",
+      "SNS:AddPermission",
+      "SNS:DeleteTopic",
+      "SNS:Subscribe",
+      "SNS:ListSubscriptionsByTopic",
+      "SNS:Publish",
+      "SNS:Receive"
+    ]
+
+    condition {
+      test     = "StringEquals"
+      variable = "AWS:SourceOwner"
+      values   = [data.aws_caller_identity.current.account_id]
+    }
+
+    resources = [
+      aws_sns_topic.cw_uat_alerts[0].arn
+    ]
+  }
+}
+
 ####################################################
 # IAM User, Policy for MGN
 ####################################################