# SNS topic that the rest of this file attaches a policy and a subscription to.
resource "aws_sns_topic" "ec2_events" {
  name = "ec2-events"
}

# Access policy document for the ec2_events topic. It is rendered to JSON and
# attached by aws_sns_topic_policy.ec2_events_policy below.
data "aws_iam_policy_document" "ec2_events_access_policy" {
  # Statement 1: owner access. The principal is the wildcard "*", so the
  # AWS:SourceOwner condition is the only thing limiting this statement to the
  # account that data.aws_caller_identity.current resolves to (that data source
  # is declared outside this snippet). Removing or loosening the condition
  # would expose every action listed here, including SNS:AddPermission and
  # SNS:DeleteTopic, to any AWS principal.
  statement {
    sid    = "__default_statement_ID"
    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    actions = [
      "SNS:Subscribe",
      "SNS:SetTopicAttributes",
      "SNS:RemovePermission",
      "SNS:Receive",
      "SNS:Publish",
      "SNS:ListSubscriptionsByTopic",
      "SNS:GetTopicAttributes",
      "SNS:DeleteTopic",
      "SNS:AddPermission",
    ]

    resources = [aws_sns_topic.ec2_events.arn]

    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }

  # Statement 2: lets the EventBridge service principal publish to the topic.
  # NOTE(review): there is no condition block, so the statement does not pin
  # the publisher to a particular rule or account. Consider scoping it with a
  # source condition such as aws:SourceArn; first confirm in the current
  # EventBridge documentation that the key is populated for SNS targets,
  # because a condition the service does not send would block delivery.
  statement {
    sid    = "AllowEventBridgePublish"
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.ec2_events.arn]
  }
}

# Attaches the rendered policy document to the topic.
resource "aws_sns_topic_policy" "ec2_events_policy" {
  arn    = aws_sns_topic.ec2_events.arn
  policy = data.aws_iam_policy_document.ec2_events_access_policy.json
}

# HTTPS subscription that delivers topic messages to the provisioner endpoint.
# The resource label is spelled "provisoner"; it is kept as-is because
# renaming it changes the Terraform resource address.
# NOTE(review): an HTTPS subscription has to be confirmed by the endpoint, and
# endpoint_auto_confirms is not set here; check that the subscription actually
# reaches the confirmed state after apply.
# NOTE(review): the receiving service is outside this file. Verify that it
# validates the SNS message signature and the expected TopicArn before acting
# on a notification, since the URL alone does not authenticate the sender.
resource "aws_sns_topic_subscription" "dynk8s_provisoner" {
  topic_arn = aws_sns_topic.ec2_events.arn
  protocol  = "https"
  endpoint  = "https://dynk8s-provisioner.pyrocufflink.net/sns/notify"
}