AWS SNS Topic Terraform module

Terraform module which creates SNS resources on AWS

Usage

Simple Topic

module "sns_topic" {
  source  = "terraform-aws-modules/sns/aws"

  name  = "simple"

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}

Topic w/ SQS Subscription

module "sns_topic" {
  source  = "terraform-aws-modules/sns/aws"

  name  = "pub-sub"

  topic_policy_statements = {
    pub = {
      actions = ["sns:Publish"]
      principals = [{
        type        = "AWS"
        identifiers = ["arn:aws:iam::66666666666:role/publisher"]
      }]
    },

    sub = {
      actions = [
        "sns:Subscribe",
        "sns:Receive",
      ]

      principals = [{
        type        = "AWS"
        identifiers = ["*"]
      }]

      conditions = [{
        test     = "StringLike"
        variable = "sns:Endpoint"
        values   = ["arn:aws:sqs:eu-west-1:11111111111:subscriber"]
      }]
    }
  }

  subscriptions = {
    sqs = {
      protocol = "sqs"
      endpoint = "arn:aws:sqs:eu-west-1:11111111111:subscriber"
    }
  }

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}

FIFO Topic w/ FIFO SQS Subscription

module "sns_topic" {
  source  = "terraform-aws-modules/sns/aws"

  name  = "my-topic"

  # SQS queue must be FIFO as well
  fifo_topic                  = true
  content_based_deduplication = true

  topic_policy_statements = {
    pub = {
      actions = ["sns:Publish"]
      principals = [{
        type        = "AWS"
        identifiers = ["arn:aws:iam::66666666666:role/publisher"]
      }]
    },

    sub = {
      actions = [
        "sns:Subscribe",
        "sns:Receive",
      ]

      principals = [{
        type        = "AWS"
        identifiers = ["*"]
      }]

      conditions = [{
        test     = "StringLike"
        variable = "sns:Endpoint"
        values   = ["arn:aws:sqs:eu-west-1:11111111111:subscriber.fifo"]
      }]
    }
  }

  subscriptions = {
    sqs = {
      protocol = "sqs"
      endpoint = "arn:aws:sqs:eu-west-1:11111111111:subscriber.fifo"
    }
  }

  tags = {
    Environment = "dev"
    Terraform   = "true"
  }
}

Examples

• Complete

Requirements

Name	Version
terraform	>= 1.5.7
aws	>= 6.9

Providers

Name	Version
aws	>= 6.9

Modules

No modules.

Resources

Name	Type
aws_sns_topic.this	resource
aws_sns_topic_data_protection_policy.this	resource
aws_sns_topic_policy.this	resource
aws_sns_topic_subscription.this	resource
aws_caller_identity.current	data source
aws_iam_policy_document.this	data source

Inputs

Name	Description	Type	Default	Required
application_feedback	Map of IAM role ARNs and sample rate for success and failure feedback	object({ failure_role_arn = optional(string) success_role_arn = optional(string) success_sample_rate = optional(number) })	{}	no
archive_policy	The message archive policy for FIFO topics	string	null	no
content_based_deduplication	Boolean indicating whether or not to enable content-based deduplication for FIFO topics	bool	false	no
create	Determines whether resources will be created (affects all resources)	bool	true	no
create_subscription	Determines whether an SNS subscription is created	bool	true	no
create_topic_policy	Determines whether an SNS topic policy is created	bool	true	no
data_protection_policy	A map of data protection policy statements	string	null	no
delivery_policy	The SNS delivery policy	string	null	no
display_name	The display name for the SNS topic	string	null	no
enable_default_topic_policy	Specifies whether to enable the default topic policy. Defaults to true	bool	true	no
fifo_throughput_scope	Enables higher throughput for FIFO topics by adjusting the scope of deduplication. This attribute has two possible values, Topic and MessageGroup	string	null	no
fifo_topic	Boolean indicating whether or not to create a FIFO (first-in-first-out) topic	bool	false	no
firehose_feedback	Map of IAM role ARNs and sample rate for success and failure feedback	object({ failure_role_arn = optional(string) success_role_arn = optional(string) success_sample_rate = optional(number) })	{}	no
http_feedback	Map of IAM role ARNs and sample rate for success and failure feedback	object({ failure_role_arn = optional(string) success_role_arn = optional(string) success_sample_rate = optional(number) })	{}	no
kms_master_key_id	The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK	string	null	no
lambda_feedback	Map of IAM role ARNs and sample rate for success and failure feedback	object({ failure_role_arn = optional(string) success_role_arn = optional(string) success_sample_rate = optional(number) })	{}	no
name	The name of the SNS topic to create	string	null	no
override_topic_policy_documents	List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank sids will override statements with the same sid	list(string)	[]	no
region	Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration	string	null	no
signature_version	If SignatureVersion should be 1 (SHA1) or 2 (SHA256). The signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS	number	null	no
source_topic_policy_documents	List of IAM policy documents that are merged together into the exported document. Statements must have unique sids	list(string)	[]	no
sqs_feedback	Map of IAM role ARNs and sample rate for success and failure feedback	object({ failure_role_arn = optional(string) success_role_arn = optional(string) success_sample_rate = optional(number) })	{}	no
subscriptions	A map of subscription definitions to create	map(object({ confirmation_timeout_in_minutes = optional(number) delivery_policy = optional(string) endpoint = string endpoint_auto_confirms = optional(bool) filter_policy = optional(string) filter_policy_scope = optional(string) protocol = string raw_message_delivery = optional(bool) redrive_policy = optional(string) replay_policy = optional(string) subscription_role_arn = optional(string) }))	{}	no
tags	A map of tags to add to all resources	map(string)	{}	no
topic_policy	An externally created fully-formed AWS policy as JSON	string	null	no
topic_policy_statements	A map of IAM policy statements for custom permission usage	map(object({ sid = optional(string) actions = optional(list(string)) not_actions = optional(list(string)) effect = optional(string, "Allow") resources = optional(list(string)) not_resources = optional(list(string)) principals = optional(list(object({ type = string identifiers = list(string) }))) not_principals = optional(list(object({ type = string identifiers = list(string) }))) condition = optional(list(object({ test = string variable = string values = list(string) }))) }))	null	no
tracing_config	Tracing mode of an Amazon SNS topic. Valid values: PassThrough, Active	string	null	no
use_name_prefix	Determines whether name is used as a prefix	bool	false	no

Outputs

Name	Description
subscriptions	Map of subscriptions created and their attributes
topic_arn	The ARN of the SNS topic, as a more obvious property (clone of id)
topic_beginning_archive_time	The oldest timestamp at which a FIFO topic subscriber can start a replay
topic_id	The ARN of the SNS topic
topic_name	The name of the topic
topic_owner	The AWS Account ID of the SNS topic owner

Authors

Module is maintained by Anton Babenko with help from these awesome contributors.

License

Apache 2 Licensed. See LICENSE for full details.