Resource: awsSnsTopicPolicy
Provides an SNS topic policy resource.
~> NOTE: If a Principal is specified as just an AWS account ID rather than an ARN, AWS silently converts it to the ARN for the root user, causing future Terraform plans to differ. To avoid this problem, just specify the full ARN, e.g., arn:aws:iam::123456789012:root
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsSnsTopicTest = new aws.snsTopic.SnsTopic(this, "test", {
  name: "my-topic-with-policy",
});
const dataAwsIamPolicyDocumentSnsTopicPolicy =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "sns_topic_policy",
    {
      policyId: "__default_policy_ID",
      statement: [
        {
          actions: [
            "SNS:Subscribe",
            "SNS:SetTopicAttributes",
            "SNS:RemovePermission",
            "SNS:Receive",
            "SNS:Publish",
            "SNS:ListSubscriptionsByTopic",
            "SNS:GetTopicAttributes",
            "SNS:DeleteTopic",
            "SNS:AddPermission",
          ],
          condition: [
            {
              test: "StringEquals",
              values: ["${var.account-id}"],
              variable: "AWS:SourceOwner",
            },
          ],
          effect: "Allow",
          principals: [
            {
              identifiers: ["*"],
              type: "AWS",
            },
          ],
          resources: [awsSnsTopicTest.arn],
          sid: "__default_statement_ID",
        },
      ],
    }
  );
new aws.snsTopicPolicy.SnsTopicPolicy(this, "default", {
  arn: awsSnsTopicTest.arn,
  policy: dataAwsIamPolicyDocumentSnsTopicPolicy.json,
});
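A pre-apply check on the rendered policy JSON, added here as an example and not part of the provider or its documentation: it reports principals given as a bare account ID (which the note above says AWS rewrites to the root ARN, producing plan drift) and `Allow` statements whose wildcard principal has no condition, unlike the `AWS:SourceOwner` condition in the usage example. The names `lintTopicPolicy`, `rootArn` and `awsPrincipals`, the sample policy, and the default `aws` partition are assumptions.

```typescript
type Principal = "*" | { [kind: string]: string | string[] };
interface Statement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal?: Principal;
  Condition?: Record<string, unknown>;
}
interface Finding { sid: string; issue: string; fix?: string }

// Assumption: the standard "aws" partition; pass another partition name if needed.
function rootArn(accountId: string, partition = "aws"): string {
  return `arn:${partition}:iam::${accountId}:root`;
}

// Collect a statement's AWS principals, whether given as "*", a string or a list.
function awsPrincipals(p?: Principal): string[] {
  if (p === undefined) return [];
  if (p === "*") return ["*"];
  const aws = p["AWS"];
  if (aws === undefined) return [];
  return Array.isArray(aws) ? aws : [aws];
}

function lintTopicPolicy(policyJson: string): Finding[] {
  const doc = JSON.parse(policyJson) as { Statement: Statement | Statement[] };
  const statements = Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
  const findings: Finding[] = [];
  statements.forEach((s, i) => {
    const sid = s.Sid ?? `statement[${i}]`;
    const unconditioned = Object.keys(s.Condition ?? {}).length === 0;
    for (const id of awsPrincipals(s.Principal)) {
      if (/^\d{12}$/.test(id)) {
        findings.push({ sid, issue: `bare account ID principal ${id}`, fix: rootArn(id) });
      } else if (id === "*" && s.Effect === "Allow" && unconditioned) {
        findings.push({ sid, issue: "wildcard principal allowed with no condition" });
      }
    }
  });
  return findings;
}

// Constructed sample policy; 123456789012 is the placeholder account ID from the note.
const samplePolicy = JSON.stringify({
  Statement: [
    { Sid: "scoped", Effect: "Allow", Principal: { AWS: "*" }, Action: "SNS:Publish",
      Resource: "*", Condition: { StringEquals: { "AWS:SourceOwner": "123456789012" } } },
    { Sid: "drift", Effect: "Allow", Principal: { AWS: "123456789012" }, Action: "SNS:Subscribe", Resource: "*" },
    { Sid: "open", Effect: "Allow", Principal: "*", Action: "SNS:Publish", Resource: "*" },
  ],
});
console.log(lintTopicPolicy(samplePolicy));
```
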
Argument Reference
The following arguments are supported:
arn
- (Required) The ARN of the SNS topic
policy
- (Required) The fully-formed AWS policy as JSON. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
owner
- The AWS Account ID of the SNS topic owner
Import
SNS Topic Policy can be imported using the topic ARN, e.g.,