From c095c6b2905520bcc440cce78254dc77183a7960 Mon Sep 17 00:00:00 2001
From: Anton Eremin
Date: Wed, 13 Sep 2023 13:55:32 +0500
Subject: [PATCH] feat(sns): made sns dql optional & Fix: #55
---
 perm_revoker_lambda.tf | 4 ++--
 slack_handler_lambda.tf | 4 ++--
 sns.tf | 4 +++-
 vars.tf | 3 ++-
 4 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/perm_revoker_lambda.tf b/perm_revoker_lambda.tf
index 959445f..ba74333 100644
--- a/perm_revoker_lambda.tf
+++ b/perm_revoker_lambda.tf
@@ -72,8 +72,8 @@ module "access_revoker" {
 attach_policy_json = true
 policy_json = data.aws_iam_policy_document.revoker.json
- dead_letter_target_arn = aws_sns_topic.dlq.arn
- attach_dead_letter_policy = true
+ dead_letter_target_arn = var.aws_sns_topic_subscription_email != "" ? aws_sns_topic.dlq[0].arn : null
+ attach_dead_letter_policy = var.aws_sns_topic_subscription_email != "" ? true : false
 # do not retry automatically
 maximum_retry_attempts = 0
diff --git a/slack_handler_lambda.tf b/slack_handler_lambda.tf
index 6992b30..9cea9b7 100644
--- a/slack_handler_lambda.tf
+++ b/slack_handler_lambda.tf
@@ -68,8 +68,8 @@ module "access_requester_slack_handler" {
 attach_policy_json = true
 policy_json = data.aws_iam_policy_document.slack_handler.json
- dead_letter_target_arn = aws_sns_topic.dlq.arn
- attach_dead_letter_policy = true
+ dead_letter_target_arn = var.aws_sns_topic_subscription_email != "" ? aws_sns_topic.dlq[0].arn : null
+ attach_dead_letter_policy = var.aws_sns_topic_subscription_email != "" ? true : false
 # do not retry automatically
 maximum_retry_attempts = 0
diff --git a/sns.tf b/sns.tf
index f168a18..90a833f 100644
--- a/sns.tf
+++ b/sns.tf
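Review bot: In perm_revoker_lambda.tf the revoker now gets `dead_letter_target_arn = null` whenever `aws_sns_topic_subscription_email` is empty, and the hunk's own context line `maximum_retry_attempts = 0` means a failed asynchronous invocation is then neither retried nor routed to a dead-letter target (unless an on-failure destination is configured in lines not shown). Because vars.tf makes the empty string the default, a deployment that never sets the e-mail gets this behaviour implicitly; judging by the module name `access_revoker`, a dropped failure here presumably leaves granted access in place with nobody notified. Consider keeping `aws_sns_topic.dlq` and the dead-letter settings unconditional and putting `count` only on `aws_sns_topic_subscription.dlq`, or gating the DLQ on a dedicated boolean instead of the e-mail string. The same applies to the slack_handler_lambda.tf hunk; both module blocks start and end outside their hunks.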
@@ -1,11 +1,13 @@
 resource "aws_sns_topic" "dlq" {
+ count = var.aws_sns_topic_subscription_email != "" ? 1 : 0
 name = var.requester_lambda_name
 kms_master_key_id = "alias/aws/sns" # tfsec:ignore:aws-sns-topic-encryption-use-cmk
 tags = var.tags
 }
 resource "aws_sns_topic_subscription" "dlq" {
- topic_arn = aws_sns_topic.dlq.arn
+ count = var.aws_sns_topic_subscription_email != "" ? 1 : 0
+ topic_arn = aws_sns_topic.dlq[0].arn
 protocol = "email"
 endpoint = var.aws_sns_topic_subscription_email
 }
diff --git a/vars.tf b/vars.tf
index faf7367..0033499 100644
--- a/vars.tf
+++ b/vars.tf
@@ -7,6 +7,7 @@ variable "tags" {
 variable "aws_sns_topic_subscription_email" {
 description = "value for the email address to subscribe to the SNS topic"
 type = string
+ default = ""
 }
 variable "slack_signing_secret" {
@@ -170,4 +171,4 @@ variable "max_permissions_duration_time" {
 description = "Maximum duration of the permissions granted by the Elevator in hours."
 type = number
 default = 24
-}
\ No newline at end of file
+}
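Review bot: The comparison `var.aws_sns_topic_subscription_email != ""` is now written six times across sns.tf, perm_revoker_lambda.tf and slack_handler_lambda.tf, and the copies must stay identical: if one drifts, `aws_sns_topic.dlq[0]` becomes an invalid index at plan time. A single local, `locals { dlq_enabled = var.aws_sns_topic_subscription_email != "" }`, would let both `count` lines in sns.tf read `count = local.dlq_enabled ? 1 : 0`. It would also replace the redundant `? true : false` in the two Lambda files with `attach_dead_letter_policy = local.dlq_enabled`.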
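Review bot: In the first vars.tf hunk the description of `aws_sns_topic_subscription_email` still reads as a plain e-mail setting, although with `default = ""` the variable now also switches off the DLQ topic and both Lambdas' dead-letter configuration. State that in the description, e.g. `description = "Email address to subscribe to the DLQ SNS topic. If empty (default), the topic, the subscription and the Lambdas' dead-letter configuration are not created."`. A whitespace-only value would still pass the `!= ""` checks and be handed to the subscription as its endpoint; comparing against `trimspace(var.aws_sns_topic_subscription_email)` or adding a `validation` block to the variable would close that gap.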