feat(sns): made sns dql optional & Fix: #55

fivexl · Sep 13, 2023 · c095c6b · c095c6b
1 parent 4159897
commit c095c6b
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 6 deletions.
diff --git a/perm_revoker_lambda.tf b/perm_revoker_lambda.tf
@@ -72,8 +72,8 @@ module "access_revoker" {
   attach_policy_json = true
   policy_json        = data.aws_iam_policy_document.revoker.json
 
-  dead_letter_target_arn    = aws_sns_topic.dlq.arn
-  attach_dead_letter_policy = true
+  dead_letter_target_arn    = var.aws_sns_topic_subscription_email != "" ? aws_sns_topic.dlq[0].arn : null
+  attach_dead_letter_policy = var.aws_sns_topic_subscription_email != "" ? true : false
 
   # do not retry automatically
   maximum_retry_attempts = 0

diff --git a/slack_handler_lambda.tf b/slack_handler_lambda.tf
@@ -68,8 +68,8 @@ module "access_requester_slack_handler" {
   attach_policy_json = true
   policy_json        = data.aws_iam_policy_document.slack_handler.json
 
-  dead_letter_target_arn    = aws_sns_topic.dlq.arn
-  attach_dead_letter_policy = true
+  dead_letter_target_arn    = var.aws_sns_topic_subscription_email != "" ? aws_sns_topic.dlq[0].arn : null
+  attach_dead_letter_policy = var.aws_sns_topic_subscription_email != "" ? true : false
 
   # do not retry automatically
   maximum_retry_attempts = 0

diff --git a/sns.tf b/sns.tf
@@ -1,11 +1,13 @@
 resource "aws_sns_topic" "dlq" {
+  count             = var.aws_sns_topic_subscription_email != "" ? 1 : 0
   name              = var.requester_lambda_name
   kms_master_key_id = "alias/aws/sns" # tfsec:ignore:aws-sns-topic-encryption-use-cmk
   tags              = var.tags
 }
 
 resource "aws_sns_topic_subscription" "dlq" {
-  topic_arn = aws_sns_topic.dlq.arn
+  count     = var.aws_sns_topic_subscription_email != "" ? 1 : 0
+  topic_arn = aws_sns_topic.dlq[0].arn
   protocol  = "email"
   endpoint  = var.aws_sns_topic_subscription_email
 }
diff --git a/vars.tf b/vars.tf
@@ -7,6 +7,7 @@ variable "tags" {
 variable "aws_sns_topic_subscription_email" {
   description = "value for the email address to subscribe to the SNS topic"
   type        = string
+  default     = ""
 }
 
 variable "slack_signing_secret" {
@@ -170,4 +171,4 @@ variable "max_permissions_duration_time" {
   description = "Maximum duration of the permissions granted by the Elevator in hours."
   type        = number
   default     = 24
-}
+}