def add_sns_topic(self):
    """Declare the SNS topic that SES pushes mail content to.

    Returns:
        The ``sns.Topic`` resource, named by ``format_resource_name("topic")``.
    """
    # NOTE(review): only resource_name is passed, so this block sets neither a
    # topic policy nor kms_master_key_id. The topic carries mail content, so
    # confirm that access control and encryption at rest are configured
    # elsewhere.
    return sns.Topic(resource_name=format_resource_name("topic"))
예제 #2
import json
from pulumi_aws import cloudwatch, sns, dynamodb, ec2, ecr, ecs, iam, kinesis, sqs

## CloudWatch
# Topic that console sign-in notifications are routed to.
# NOTE(review): this listing declares no sns.TopicPolicy and no
# sns.TopicSubscription. EventBridge can publish to a topic only when the
# topic's resource policy lets events.amazonaws.com call sns:Publish, and
# nobody is notified until a subscription exists. Confirm both are provided
# elsewhere, otherwise sign-in events are matched but never delivered.
logins_topic = sns.Topic("myloginstopic")

# Rule matching console sign-in events recorded through CloudTrail.
event_rule = cloudwatch.EventRule(
    "myeventrule",
    event_pattern=json.dumps(
        {"detail-type": ["AWS Console Sign In via CloudTrail"]},
    ),
)

# Forward every event matched by the rule to the topic above.
event_target = cloudwatch.EventTarget(
    "myeventtarget",
    arn=logins_topic.arn,
    rule=event_rule.name,
    target_id="SendToSNS",
)

# No retention_in_days is given, so the group keeps its default retention.
log_group = cloudwatch.LogGroup("myloggroup")

# An empty filter pattern matches every log event, so EventCount counts all
# events written to the group rather than a specific kind of event.
log_metric_filter = cloudwatch.LogMetricFilter(
    "mylogmetricfilter",
    log_group_name=log_group.name,
    pattern="",
    metric_transformation=cloudwatch.LogMetricFilterMetricTransformationArgs(
        namespace="YourNamespace",
        name="EventCount",
        value="1",
    ),
)

log_stream = cloudwatch.LogStream(
    "mylogstream",
    log_group_name=log_group.name,
)
예제 #3
        "Statement": [
            {
                "Action": "sts:AssumeRole",
                "Principal": {
                    "Service": "sns.amazonaws.com"
                },
                "Effect": "Allow",
                "Sid": ""
            }
        ]
    }""",
)

# Both topics hand the same role to SNS for SQS delivery-status feedback.
# `role` is defined above this excerpt; presumably it is the role whose trust
# policy lets sns.amazonaws.com assume it. Verify that its permissions are
# limited to writing the delivery logs.
sns_topic = sns.Topic(
    "gods-topic",
    sqs_success_feedback_role_arn=role.arn,
    sqs_failure_feedback_role_arn=role.arn,
)

weapons_topic = sns.Topic(
    "weapons-topic",
    sqs_success_feedback_role_arn=role.arn,
    sqs_failure_feedback_role_arn=role.arn,
)

# Fan weapons_topic out to an SQS queue; `weapons_queue` is defined outside
# this excerpt.
# NOTE(review): delivery works only if the queue's policy lets this topic call
# sqs:SendMessage. Scoping that grant with an aws:SourceArn condition on the
# topic ARN keeps other topics from writing to the queue. Confirm the queue
# policy, which is not visible here.
sns.TopicSubscription(
    "weapons-subscription",
    topic=weapons_topic.arn,
    protocol="sqs",
    endpoint=weapons_queue.arn,
)
예제 #4
파일: sns.py 프로젝트: ascential/pulpy
    def Topic(self):
        """Create one SNS topic per entry under the "topic" key of the specs.

        For each entry the method merges the tags, declares the ``sns.Topic``,
        records it in ``sns_topic_by_name`` and exports its id. When the entry
        sets both ``cross_account_source_id`` and ``cross_account_target_id``,
        it also attaches a topic policy and exports that policy's id.

        No value is returned and ``self`` is not read in the lines shown.
        """

        # resource_type is not defined in this method; presumably a
        # module-level constant -- verify.
        resource_specs = ParseYAML(resource_type).getSpecs()

        for sns_topic_name, sns_topic_configuration in resource_specs[
                "topic"].items():
            # An entry with an empty or missing value is treated as an empty
            # mapping, so the .get() calls below are always valid.
            sns_topic_configuration = sns_topic_configuration if sns_topic_configuration else {}

            resource_name = sns_topic_name

            resource_tags = sns_topic_configuration.get("tags")

            # Start from the tags given in the configuration entry, if any
            tags_list = {}
            if resource_tags is not None:
                for each_tag_name, each_tag_value in resource_tags.items():
                    tags_list.update({each_tag_name: each_tag_value})

            # Mandatory tags are applied after the configured ones, so a
            # configured "Name" or "Project/Stack" tag is overwritten, and
            # resource_mandatory_tags (applied last) wins over everything.
            tags_list.update({"Name": resource_name})
            tags_list.update({
                "Project/Stack":
                pulumi.get_project() + "/" + pulumi.get_stack()
            })
            tags_list.update(resource_mandatory_tags)

            # Declare the topic; tags are the only setting passed here.
            topic = sns.Topic(resource_name, tags=tags_list)

            # Registry shared outside this method (defined elsewhere).
            sns_topic_by_name[resource_name] = topic

            # Export the topic id. The key comes from the private _name
            # attribute -- presumably equal to resource_name; verify.
            pulumi.export(topic._name, topic.id)

            # Attach a topic policy only when BOTH account ids are configured.
            # Both values come straight from the configuration entry; this
            # block performs no format check on them.
            cross_account_source_id = sns_topic_configuration.get(
                "cross_account_source_id")
            cross_account_target_id = sns_topic_configuration.get(
                "cross_account_target_id")
            if cross_account_source_id and cross_account_target_id:
                # Same resource as `topic`, read back from the registry.
                arn = sns_topic_by_name[resource_name].arn
                sns_topic_policy = iam.get_policy_document(
                    policy_id="__default_policy_ID",
                    statements=[
                        # Statement 1: lets the principal given in
                        # cross_account_target_id subscribe to this topic.
                        # No condition narrows the subscription protocol or
                        # endpoint.
                        iam.GetPolicyDocumentStatementArgs(
                            actions=["SNS:Subscribe"],
                            resources=[arn],
                            effect="Allow",
                            principals=[
                                iam.GetPolicyDocumentStatementPrincipalArgs(
                                    type="AWS",
                                    identifiers=[cross_account_target_id])
                            ],
                        ),
                        # Statement 2: wildcard principal, scoped only by the
                        # AWS:SourceOwner condition below. It covers
                        # management actions (SetTopicAttributes,
                        # AddPermission, RemovePermission, DeleteTopic) as
                        # well as Publish.
                        # NOTE(review): this has the shape of the SNS default
                        # topic policy, where the condition value is the topic
                        # owner's account id -- confirm that
                        # cross_account_source_id is the owning account and
                        # not an external one.
                        iam.GetPolicyDocumentStatementArgs(
                            actions=[
                                "SNS:Subscribe",
                                "SNS:SetTopicAttributes",
                                "SNS:RemovePermission",
                                "SNS:Receive",
                                "SNS:Publish",
                                "SNS:ListSubscriptionsByTopic",
                                "SNS:GetTopicAttributes",
                                "SNS:DeleteTopic",
                                "SNS:AddPermission",
                            ],
                            conditions=[
                                iam.GetPolicyDocumentStatementConditionArgs(
                                    test="StringEquals",
                                    variable="AWS:SourceOwner",
                                    values=[cross_account_source_id],
                                )
                            ],
                            effect="Allow",
                            principals=[
                                iam.GetPolicyDocumentStatementPrincipalArgs(
                                    type="AWS",
                                    identifiers=["*"],
                                )
                            ],
                            resources=[arn],
                            sid="__default_statement_ID",
                        )
                    ])

                # Bind the rendered policy document to the topic.
                policy = sns.TopicPolicy(resource_name,
                                         arn=topic.arn,
                                         policy=sns_topic_policy.json)

                # Export the policy id under "<topic name>-policy".
                pulumi.export(resource_name + "-policy", policy.id)