# Access policy document for the ec2-events SNS topic. It is rendered to JSON
# and attached to the topic by aws_sns_topic_policy.ec2_events_policy.
data "aws_iam_policy_document" "ec2_events_access_policy" {
  # Statement 1: topic management and use by principals of the owning account.
  # NOTE(review): the sid and action list look like the default policy SNS
  # generates for a new topic - confirm that is the intent.
  statement {
    sid    = "__default_statement_ID"
    effect = "Allow"
    principals {
      # Wildcard principal: every AWS principal matches here, so the
      # condition block below is the only restriction on this statement.
      type        = "AWS"
      identifiers = ["*"]
    }
    # Includes administrative actions (SetTopicAttributes, AddPermission,
    # RemovePermission, DeleteTopic) as well as Publish/Subscribe.
    actions = [
      "SNS:Subscribe",
      "SNS:SetTopicAttributes",
      "SNS:RemovePermission",
      "SNS:Receive",
      "SNS:Publish",
      "SNS:ListSubscriptionsByTopic",
      "SNS:GetTopicAttributes",
      "SNS:DeleteTopic",
      "SNS:AddPermission",
    ]
    resources = [
      aws_sns_topic.ec2_events.arn,
    ]
    # Security-critical: limits the wildcard principal to requests whose
    # AWS:SourceOwner equals the account ID of the credentials Terraform runs
    # with (data.aws_caller_identity.current is declared outside this listing).
    # Dropping or loosening this condition would open the topic, including the
    # administrative actions above, to any AWS account.
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"

      values = [
        data.aws_caller_identity.current.account_id
      ]
    }
  }

  # Statement 2: lets the EventBridge service principal publish to the topic.
  # NOTE(review): there is no condition block here, so the grant is to the
  # events.amazonaws.com service as a whole rather than to a specific rule or
  # account. Consider scoping it with a condition on aws:SourceArn (the rule
  # ARN); confirm EventBridge supplies that key for SNS targets before relying
  # on it, because a condition that never matches would block delivery.
  statement {
    sid    = "AllowEventBridgePublish"
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.ec2_events.arn]
  }
}
# SNS topic named "ec2-events"; its ARN is referenced by the access policy
# document, the topic policy and the HTTPS subscription in this file.
# NOTE(review): kms_master_key_id is not set, so server-side encryption with a
# KMS key is not enabled for this topic. If it is enabled later, publishers
# will presumably also need permission to use that key - verify before rollout.
resource "aws_sns_topic" "ec2_events" {
  name = "ec2-events"
}
# Sets the access policy of the ec2-events topic to the JSON rendered from
# data.aws_iam_policy_document.ec2_events_access_policy. This resource owns
# the topic's whole policy, so who may publish, subscribe or administer the
# topic should be reviewed in that policy document.
resource "aws_sns_topic_policy" "ec2_events_policy" {
  arn    = aws_sns_topic.ec2_events.arn
  policy = data.aws_iam_policy_document.ec2_events_access_policy.json
}
# Subscribes an HTTPS webhook to the ec2-events topic, so SNS POSTs every
# message published to the topic to the endpoint below.
# NOTE(review): the receiver should verify the SNS message signature and the
# TopicArn on every request before acting on it; the endpoint URL is not a
# secret, and the topic policy decides who can publish.
# NOTE(review): HTTPS subscriptions stay pending until the endpoint confirms
# them - check that the receiver handles the confirmation request.
# NOTE(review): the resource label is spelled "provisoner"; it is kept as is
# because renaming it would change the Terraform resource address.
resource "aws_sns_topic_subscription" "dynk8s_provisoner" {
  topic_arn = aws_sns_topic.ec2_events.arn
  protocol  = "https"
  endpoint  = "https://dynk8s-provisioner.pyrocufflink.net/sns/notify"
}