def add_sns_topic(self):
    """Create the SNS topic that mail content from SES is pushed to.

    Returns:
        The ``sns.Topic`` resource, named via ``format_resource_name("topic")``.
    """
    # Only a resource name is passed: no kms_master_key_id (encryption at
    # rest) and no custom topic policy are configured in this method.
    # NOTE(review): the topic carries mail content -- confirm that encryption
    # and a policy limiting who may publish are set up elsewhere.
    topic_name = format_resource_name("topic")
    return sns.Topic(resource_name=topic_name)
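import json

from pulumi_aws import cloudwatch, sns, dynamodb, ec2, ecr, ecs, iam, kinesis, sqs

## CloudWatch

# Topic that receives the console sign-in notifications matched below.
logins_topic = sns.Topic("myloginstopic")

# Match console sign-in events recorded by CloudTrail.
# NOTE(review): sign-in events are delivered in the region where the sign-in
# was processed; confirm this rule is deployed in the region(s) you monitor.
event_rule = cloudwatch.EventRule(
    "myeventrule",
    event_pattern=json.dumps({
        "detail-type": ["AWS Console Sign In via CloudTrail"],
    }),
)


def _events_publish_policy(topic_arn, rule_arn):
    """Return a topic policy (JSON) letting only *rule_arn* publish to *topic_arn*."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowEventRulePublish",
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sns:Publish",
            "Resource": topic_arn,
            # Scope the service principal to this one rule so other rules
            # (or other accounts' rules) cannot publish to the topic.
            "Condition": {"ArnEquals": {"aws:SourceArn": rule_arn}},
        }],
    })


# An SNS target only receives events when the topic's resource policy allows
# the EventBridge service principal to publish. Without this policy the rule
# matches but delivery fails, so sign-in alerts would silently never arrive.
# This policy becomes the topic's whole resource policy.
logins_topic_policy = sns.TopicPolicy(
    "myloginstopicpolicy",
    arn=logins_topic.arn,
    policy=logins_topic.arn.apply(
        lambda topic_arn: event_rule.arn.apply(
            lambda rule_arn: _events_publish_policy(topic_arn, rule_arn))),
)

# Route matched events to the SNS topic.
event_target = cloudwatch.EventTarget(
    "myeventtarget",
    rule=event_rule.name,
    target_id="SendToSNS",
    arn=logins_topic.arn,
)

log_group = cloudwatch.LogGroup("myloggroup")

# An empty filter pattern matches every log event, so EventCount counts all
# events written to the log group.
log_metric_filter = cloudwatch.LogMetricFilter(
    "mylogmetricfilter",
    pattern="",
    log_group_name=log_group.name,
    metric_transformation=cloudwatch.LogMetricFilterMetricTransformationArgs(
        name="EventCount",
        namespace="YourNamespace",
        value="1",
    ),
)

log_stream = cloudwatch.LogStream("mylogstream", log_group_name=log_group.name)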
"Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service": "sns.amazonaws.com" }, "Effect": "Allow", "Sid": "" } ] }""", ) sns_topic = sns.Topic( f"gods-topic", sqs_failure_feedback_role_arn=role.arn, sqs_success_feedback_role_arn=role.arn, ) weapons_topic = sns.Topic( f"weapons-topic", sqs_failure_feedback_role_arn=role.arn, sqs_success_feedback_role_arn=role.arn, ) sns.TopicSubscription( f"weapons-subscription", endpoint=weapons_queue.arn, protocol="sqs", topic=weapons_topic.arn, )
def Topic(self):
    """Create every SNS topic declared under the ``topic`` key of the specs.

    Each topic is created with merged tags, stored in ``sns_topic_by_name``
    and exported. When both ``cross_account_source_id`` and
    ``cross_account_target_id`` are set for a topic, a topic policy is
    attached and exported as ``<name>-policy``.
    """
    topic_specs = ParseYAML(resource_type).getSpecs()["topic"]

    for topic_name, raw_config in topic_specs.items():
        # An entry with no settings is treated as an empty mapping.
        config = raw_config or {}

        # Tags from the configuration file go in first, so the mandatory
        # tags added afterwards win on any duplicate key.
        configured_tags = config.get("tags")
        tags = dict(configured_tags.items()) if configured_tags is not None else {}
        tags["Name"] = topic_name
        tags["Project/Stack"] = "/".join(
            (pulumi.get_project(), pulumi.get_stack()))
        tags.update(resource_mandatory_tags)

        # Only tags are passed: no kms_master_key_id, so encryption at rest
        # is not configured by this method.
        topic = sns.Topic(topic_name, tags=tags)
        sns_topic_by_name[topic_name] = topic

        # NOTE(review): _name is a private attribute of the resource object.
        pulumi.export(topic._name, topic.id)

        # The policy is attached only when both account settings are present.
        source_account = config.get("cross_account_source_id")
        target_account = config.get("cross_account_target_id")
        if not (source_account and target_account):
            continue

        # NOTE(review): topic.arn is handed straight to get_policy_document;
        # confirm it resolves to a plain string in that call.
        topic_arn = topic.arn

        # The target identifier may subscribe to the topic and nothing else.
        subscribe_statement = iam.GetPolicyDocumentStatementArgs(
            effect="Allow",
            actions=["SNS:Subscribe"],
            principals=[
                iam.GetPolicyDocumentStatementPrincipalArgs(
                    type="AWS", identifiers=[target_account])
            ],
            resources=[topic_arn],
        )

        # NOTE(review): wildcard principal, limited only by the
        # AWS:SourceOwner condition, with management actions included
        # (SNS:DeleteTopic, SNS:AddPermission, SNS:SetTopicAttributes).
        # Whoever satisfies the condition for cross_account_source_id can
        # reconfigure or delete the topic -- confirm that is intended, or
        # reduce the list to the actions the source actually needs.
        owner_statement = iam.GetPolicyDocumentStatementArgs(
            sid="__default_statement_ID",
            effect="Allow",
            actions=[
                "SNS:Subscribe",
                "SNS:SetTopicAttributes",
                "SNS:RemovePermission",
                "SNS:Receive",
                "SNS:Publish",
                "SNS:ListSubscriptionsByTopic",
                "SNS:GetTopicAttributes",
                "SNS:DeleteTopic",
                "SNS:AddPermission",
            ],
            principals=[
                iam.GetPolicyDocumentStatementPrincipalArgs(
                    type="AWS",
                    identifiers=["*"],
                )
            ],
            conditions=[
                iam.GetPolicyDocumentStatementConditionArgs(
                    test="StringEquals",
                    variable="AWS:SourceOwner",
                    values=[source_account],
                )
            ],
            resources=[topic_arn],
        )

        policy_document = iam.get_policy_document(
            policy_id="__default_policy_ID",
            statements=[subscribe_statement, owner_statement],
        )

        policy = sns.TopicPolicy(
            topic_name, arn=topic.arn, policy=policy_document.json)
        pulumi.export(topic_name + "-policy", policy.id)