Merge pull request #15 from dasmeta/DMVP-5761

fix(DMVP-5761): Fix null policy
dasmeta · Nov 13, 2024 · 7be732c · 7be732c
2 parents bf1ad06 + 97023b9
commit 7be732c
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 1 deletion.
diff --git a/modules/topic/data.tf b/modules/topic/data.tf
@@ -0,0 +1 @@
+data "aws_caller_identity" "current" {}
diff --git a/modules/topic/locals.tf b/modules/topic/locals.tf
@@ -1,4 +1,34 @@
 locals {
   subscriptions_map  = { for subscription in var.subscriptions : "${subscription.protocol}:${coalesce(subscription.name, sha256(subscription.endpoint))}" => subscription }
   subscriptions_keys = nonsensitive(keys(local.subscriptions_map))
+
+  sns_policy = var.policy == null ? jsonencode({
+    "Version" : "2008-10-17",
+    "Id" : "__default_policy_ID",
+    "Statement" : [
+      {
+        "Sid" : "__default_statement_ID",
+        "Effect" : "Allow",
+        "Principal" : {
+          "AWS" : "*"
+        },
+        "Action" : [
+          "SNS:GetTopicAttributes",
+          "SNS:SetTopicAttributes",
+          "SNS:AddPermission",
+          "SNS:RemovePermission",
+          "SNS:DeleteTopic",
+          "SNS:Subscribe",
+          "SNS:ListSubscriptionsByTopic",
+          "SNS:Publish"
+        ],
+        "Resource" : "arn:aws:sns:us-east-1:${data.aws_caller_identity.current.account_id}:${var.name}",
+        "Condition" : {
+          "StringEquals" : {
+            "AWS:SourceOwner" : "${data.aws_caller_identity.current.account_id}"
+          }
+        }
+      }
+    ]
+  }) : jsonencode(var.policy)
 }
diff --git a/modules/topic/main.tf b/modules/topic/main.tf
@@ -3,7 +3,7 @@ resource "aws_sns_topic" "this" {
 
   name            = var.name
   delivery_policy = jsonencode(var.delivery_policy)
-  policy          = jsonencode(var.policy)
+  policy          = local.sns_policy
 }
 
 data "aws_sns_topic" "this" {