Terraform module to create AWS SNS resources πΊπ¦
Home Page: https://registry.terraform.io/modules/terraform-aws-modules/sns/aws
License: Apache License 2.0
Line 66 in a75132b
sns:Receive is not a recognized IAM action, as seen in the docs.
I haven't experienced an error from this, but from a security perspective it's unclear what its purpose is. Why is it there?
No subscription option to subscribe an email to get notified
When creating a totally custom SNS policy using a terraform aws_iam_policy_document as the topic_policy value, terraform throws a Error: Cycle Error if the module output of the module the policy is being attached to is referenced in the SNS topics policy.
The policy works fine if I remove the module reference and hardcode the ARN, however since this behaviour works in other Terraform modules for example https://github.com/terraform-aws-modules/terraform-aws-s3-bucket I figured it would work in this one
Module version [Required]: 6.0.1
Terraform version: v1.5.7
data "aws_iam_policy_document" "sns_policy" {
statement {
sid = "sub"
effect = "Allow"
resources = [
"${module.sns.topic_arn}/*",
]
actions = [
"sns:Subscribe"
]
principals {
type = "AWS"
identifiers = ["*"]
}
}
}
module "sns" {
source = "terraform-aws-modules/sns/aws"
name = "bug-report-sns-topic"
create_topic_policy = false
topic_policy = data.aws_iam_policy_document.sns_policy.json
}
Steps to reproduce the behaviour:
terraform initterraform validateThe validation should pass with no errors.
The validation fails with the following error:
β·
β Error: Cycle: module.sns.output.topic_arn (expand), data.aws_iam_policy_document.sns_policy, module.sns.var.topic_policy (expand), module.sns.aws_sns_topic.this
β
β
β΅
I've done similar things with terraform modules for example https://github.com/terraform-aws-modules/terraform-aws-s3-bucket where doing the following:
data "aws_iam_policy_document" "bucket_policy" {
statement {
sid = "AllowReadWriteAccess"
effect = "Allow"
resources = [
module.s3.s3_bucket_arn,
"${module.s3.s3_bucket_arn}/*"
]
principals {
type = "AWS"
identifiers = ["*"]
}
actions = [
"s3:List*",
"s3:Get*",
"s3:DeleteObject"
]
}
}
module "s3" {
source = "terraform-aws-modules/s3-bucket/aws"
bucket = "s3-bucket"
attach_policy = true
policy = data.aws_iam_policy_document.bucket_policy.json
}
AWS recently updated their SNS Topic policy actions by including additional action: "sns:Receive". You are missing this action in your module, hence those that use the module have a reported change where Terraform wants to remove this action from the policy.
Line: https://github.com/terraform-aws-modules/terraform-aws-sns/blob/master/main.tf#L62C13-L62C13
Please fix it ASAP.
When creating a multiple statements policy Terraform deletes or creates the second policy every time.
When running first apply the policy created successfully (as it should be):
when running the second apply command (without any code changes) the result is the second statement will be deleted:
The required outcome should be that the second statement won't deleted in the second apply command and there will be no changes to apply.
For the master branch you'e changed the "count" line to evaluate to a number, but for the teraform11 branch, this evaluates by default to a string value of "true".
Tags input is missing in documentation.
Hi, reading the code I saw this line
https://github.com/terraform-aws-modules/terraform-aws-sns/blob/master/main.tf#L89
wich is in deprecation according to AWS doc, i guess is better change to SourceArn like the example in the same code right?
When enabling FIFO SNS topic by using:
fifo_topic = true
content_based_deduplication = true
If I don't append the .fifo suffix in my topic name it throws an error: Error: invalid topic name: my-topic.
In terraform-aws-sqs module the .fifo suffix is appended automatically when creating a FIFO queue.
Let me know if I can open a PR with the change in case you think it would be better to do something similar for this module too.
Not sure, how the example is related to the SNS module
https://github.com/terraform-aws-modules/terraform-aws-sns/blob/master/examples/complete/main.tf
Seems that it's an example of KMS.
Please, check it out.
Hi there
I was testing this module and noticed that the "firehose_success_feedback_sample_rate" property is missing from the "aws_sns_topic" resource.
Add wrapper module same as in SQS module
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google β€οΈ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.