terraform: add applications module

kirby 2025-05-28 12:02:11 +02:00
parent 7bf1db48f7
commit 5620165b33
11 changed files with 693 additions and 0 deletions


@ -0,0 +1,7 @@
*.swp
.terraform*
main.tfvars
terraform.tfstate*
plan.tfplan
errored.tfstate
!.terraform-docs.yml
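
Review bot: `.terraform*` also matches `.terraform.lock.hcl`, so the provider lock file (selected versions and checksums) will never be committed; with the provider constraint in this commit set to `>= 1.11.0`, each `terraform init` can resolve a different provider build. Add `!.terraform.lock.hcl` next to the existing `!.terraform-docs.yml` exception. Only `main.tfvars` is ignored; `*.tfvars` would also cover other variable files that may hold the admin access and secret keys this module takes as inputs.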


@ -0,0 +1,47 @@
formatter: "md table" # this is required
version: ""
header-from: docs/header.md
footer-from: ""
recursive:
enabled: false
path: modules
sections:
hide: []
show: []
content: ""
output:
file: ""
mode: inject
template: |-
<!-- BEGIN_TF_DOCS -->
{{ .Content }}
<!-- END_TF_DOCS -->
output-values:
enabled: false
from: ""
sort:
enabled: true
by: name
settings:
anchor: true
color: true
default: true
description: false
escape: true
hide-empty: false
html: true
indent: 2
lockfile: true
read-comments: true
required: true
sensitive: true
type: true
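
Review bot: `output.file` is empty while `mode: inject` and the `BEGIN_TF_DOCS` / `END_TF_DOCS` template are configured, so the file to inject into has to be supplied on the command line every time. Setting `file:` to the README path here makes regeneration reproducible from the config alone. `version: ""` likewise leaves the terraform-docs version unconstrained; a constraint there avoids formatting churn between contributors.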


@ -0,0 +1,118 @@
<!-- BEGIN_TF_DOCS -->
## Description du module
Ce module a pour but de gérer les applications et leur ressources associées dans le cloud public Scaleway.
## Fonctionnement du module
- Ce module prend en charge la gestion des ressources suivantes :
- Les applications, groupes et policies de l'IAM Scaleway.
- Les buckets S3 et de leur policy associée.
- Les file d'attente de type SQS et leurs identifiants associés.
### Fonctionnement bucket S3
#### Pré-requis
- Une liste de bucket est déclarée au sein de l'application.
- Pour déclarer des règles de cycle de vie (lifecycle\_rules), au moins expiration\_days ou le couple transition\_days et transition\_sc doivent être déclarés.
#### Fonctionnement
- Pour chaque bucket de la liste buckets\_list, une resource va être déclarée. Dans cette ressource, une lifecycle\_rule va être déclarée pour chaque membre de la liste de lifecycle\_rule.
- Pour chaque bucket de la liste buckets\_list, une policy est attachée et contient 3 sections :
- Une section pour autoriser l'application principale à accéder au bucket.
- Une section pour donner accès aux user\_id et application\_id des administrateurs.
- Une section pour donner accès à d'autres user\_id pour une application tierce.
### Fonctionnement SQS
#### Pré-requis
- Avoir activé le module SQS dans l'interface Scaleway -> Messaging.
- Une liste de queue est déclarée au sein de l'application.
#### Informations
- On utilise une resource de type scaleway\_mnq\_sqs\_credentials.admin\_creds par projet. En effet, en lui donnant uniquement le droit "can\_manage", elle peut créer, supprimer et modifier des queues mais pas accéder à leur contenu.
- En parallèle, on créé un jeu d'identifiant par application et par queue qui ne disposent que des droits de publication/réception.
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_scaleway"></a> [scaleway](#requirement\_scaleway) | >= 1.11.0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_scaleway"></a> [scaleway](#provider\_scaleway) | >= 1.11.0 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [scaleway_iam_api_key.keys](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/iam_api_key) | resource |
| [scaleway_iam_application.apps](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/iam_application) | resource |
| [scaleway_iam_group.groups](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/iam_group) | resource |
| [scaleway_iam_policy.group_policies](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/iam_policy) | resource |
| [scaleway_mnq_sns_credentials.app_creds](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/mnq_sns_credentials) | resource |
| [scaleway_mnq_sns_topic.main](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/mnq_sns_topic) | resource |
| [scaleway_mnq_sqs_credentials.app_creds](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/mnq_sqs_credentials) | resource |
| [scaleway_mnq_sqs_queue.main](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/mnq_sqs_queue) | resource |
| [scaleway_object_bucket.s3_buckets](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket) | resource |
| [scaleway_object_bucket_policy.s3_policies](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket_policy) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_admin_creds_access_key"></a> [admin\_creds\_access\_key](#input\_admin\_creds\_access\_key) | SQS Admin access key | `string` | `""` | no |
| <a name="input_admin_creds_secret_key"></a> [admin\_creds\_secret\_key](#input\_admin\_creds\_secret\_key) | SQS Admin secret key | `string` | `""` | no |
| <a name="input_admins_user_id"></a> [admins\_user\_id](#input\_admins\_user\_id) | List of s3 admin user's ID | `list(string)` | `[]` | no |
| <a name="input_app_desc"></a> [app\_desc](#input\_app\_desc) | Application's description | `string` | `""` | no |
| <a name="input_app_name"></a> [app\_name](#input\_app\_name) | Name of the application | `string` | `"changeme"` | no |
| <a name="input_app_tags"></a> [app\_tags](#input\_app\_tags) | Application's tags | `map(string)` | `{}` | no |
| <a name="input_buckets_list"></a> [buckets\_list](#input\_buckets\_list) | List of the application's buckets | <pre>list(object({<br> bucket_name = string<br> bucket_region = optional(string)<br> bucket_versioning = optional(bool)<br> bucket_tags = optional(map(string))<br> bucket_policy_actions = optional(list(string))<br> bucket_lifecycle_rules = optional(list(object({<br> id = string<br> enabled = bool<br> prefix = optional(string)<br> expiration_days = optional(number)<br> transition_days = optional(number)<br> transition_sc = optional(string)<br> tags = optional(map(string))<br> })))<br> other_app_access = optional(list(string))<br> other_app_policy_actions= optional(list(string))<br> }))</pre> | n/a | yes |
| <a name="input_env"></a> [env](#input\_env) | App's environment (dev/stg/prd) | `string` | `"dev"` | no |
| <a name="input_policy_permissions"></a> [policy\_permissions](#input\_policy\_permissions) | Policy permissions for app | `list(string)` | `[]` | no |
| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | App's project ID | `string` | `"changeme"` | no |
| <a name="input_readonly_users_id"></a> [readonly\_users\_id](#input\_readonly\_users\_id) | List of readonly user's ID | `list(string)` | `[]` | no |
| <a name="input_sns_admin_creds_access_key"></a> [sns\_admin\_creds\_access\_key](#input\_sns\_admin\_creds\_access\_key) | SNS Admin access key | `string` | `""` | no |
| <a name="input_sns_admin_creds_secret_key"></a> [sns\_admin\_creds\_secret\_key](#input\_sns\_admin\_creds\_secret\_key) | SNS Admin secret key | `string` | `""` | no |
| <a name="input_sns_can_manage"></a> [sns\_can\_manage](#input\_sns\_can\_manage) | Can SNS credentials manage the topic | `bool` | `false` | no |
| <a name="input_sns_can_publish"></a> [sns\_can\_publish](#input\_sns\_can\_publish) | Can SNS credentials publish message to the topic | `bool` | `true` | no |
| <a name="input_sns_can_receive"></a> [sns\_can\_receive](#input\_sns\_can\_receive) | Can SNS credentials receive message from the topic | `bool` | `true` | no |
| <a name="input_sns_fifo_topic"></a> [sns\_fifo\_topic](#input\_sns\_fifo\_topic) | Is the topic in FIFO mode ? (name must end with .fifo) | `bool` | `false` | no |
| <a name="input_sns_topic_list"></a> [sns\_topic\_list](#input\_sns\_topic\_list) | List of the SNS topics | <pre>list(object({<br> sns_topic_name = string<br> sns_fifo_topic = optional(bool)<br> }))</pre> | n/a | yes |
| <a name="input_sqs_can_manage"></a> [sqs\_can\_manage](#input\_sqs\_can\_manage) | Can SQS credentials manage the queue | `bool` | `false` | no |
| <a name="input_sqs_can_publish"></a> [sqs\_can\_publish](#input\_sqs\_can\_publish) | Can SQS credentials publish message to the queue | `bool` | `true` | no |
| <a name="input_sqs_can_receive"></a> [sqs\_can\_receive](#input\_sqs\_can\_receive) | Can SQS credentials receive message from the queue | `bool` | `true` | no |
| <a name="input_sqs_fifo_queue"></a> [sqs\_fifo\_queue](#input\_sqs\_fifo\_queue) | Is the queue in FIFO mode ? | `bool` | `false` | no |
| <a name="input_sqs_message_max_age"></a> [sqs\_message\_max\_age](#input\_sqs\_message\_max\_age) | Max age of message before being deleted in seconds | `number` | `345600` | no |
| <a name="input_sqs_message_max_size"></a> [sqs\_message\_max\_size](#input\_sqs\_message\_max\_size) | Max size of message accepted in octet | `number` | `262144` | no |
| <a name="input_sqs_queue_list"></a> [sqs\_queue\_list](#input\_sqs\_queue\_list) | List of the SQS queues | <pre>list(object({<br> sqs_queue_name = string<br> sqs_fifo_queue = optional(bool)<br> sqs_message_max_age = optional(string)<br> sqs_message_max_size= optional(string)<br> }))</pre> | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_api_access_key"></a> [api\_access\_key](#output\_api\_access\_key) | App access key |
| <a name="output_api_secret_key"></a> [api\_secret\_key](#output\_api\_secret\_key) | App secret key |
| <a name="output_app_desc"></a> [app\_desc](#output\_app\_desc) | Description of the application |
| <a name="output_app_id"></a> [app\_id](#output\_app\_id) | ID of the application |
| <a name="output_app_name"></a> [app\_name](#output\_app\_name) | Name of the application |
| <a name="output_bucket_ID"></a> [bucket\_ID](#output\_bucket\_ID) | ID of the bucket |
| <a name="output_bucket_endpoint"></a> [bucket\_endpoint](#output\_bucket\_endpoint) | Bucket's endpoint |
| <a name="output_sns_creds_access_key"></a> [sns\_creds\_access\_key](#output\_sns\_creds\_access\_key) | SNS Credentials access key |
| <a name="output_sns_creds_secret_key"></a> [sns\_creds\_secret\_key](#output\_sns\_creds\_secret\_key) | SNS Credentials secret key |
| <a name="output_sns_topic_arn"></a> [sns\_topic\_arn](#output\_sns\_topic\_arn) | SNS Topic ARN |
| <a name="output_sqs_creds_access_key"></a> [sqs\_creds\_access\_key](#output\_sqs\_creds\_access\_key) | SQS Credentials access key |
| <a name="output_sqs_creds_secret_key"></a> [sqs\_creds\_secret\_key](#output\_sqs\_creds\_secret\_key) | SQS Credentials secret key |
| <a name="output_sqs_url_endpoint"></a> [sqs\_url\_endpoint](#output\_sqs\_url\_endpoint) | SQS URL Endpoint |
<!-- END_TF_DOCS -->
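
Review bot: The "Informations" section describes a `scaleway_mnq_sqs_credentials.admin_creds` resource per project, but the generated Resources table lists only `scaleway_mnq_sqs_credentials.app_creds`, and the admin keys arrive through the `admin_creds_access_key` / `admin_creds_secret_key` inputs instead. The text should say where the admin credentials are created and how they are expected to be passed in. The SNS topics and credentials that appear in the Resources table are also missing from the "Fonctionnement du module" list.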


@ -0,0 +1,115 @@
resource "scaleway_object_bucket" "s3_buckets" {
for_each = (var.buckets_list == null) ? {} : { for b in var.buckets_list : b.bucket_name => b }
name = each.value.bucket_name
tags = each.value.bucket_tags
region = each.value.bucket_region
project_id = var.project_id
versioning {
enabled = each.value.bucket_versioning
}
/* Dans cette section, on ajoute un bloc lifecycle_rule pour chaque
élément présent dans la liste lifecycle_rules de l'objet buckets.
*/
dynamic "lifecycle_rule" {
for_each = each.value.bucket_lifecycle_rules
content {
id = lifecycle_rule.value["id"]
prefix = lifecycle_rule.value["prefix"]
enabled = lifecycle_rule.value["enabled"]
tags = lifecycle_rule.value["tags"]
/* On ajoute les blocs expiration ou transition en fonction
de la présence ou non des variables expiration_days,
transition_days et transition_sc. Au moins l'un de ces blocs
est obligatoire pour que la règle soit valide.
*/
dynamic "expiration" {
for_each = lifecycle_rule.value["expiration_days"] == null ? [] : [1]
content {
days = lifecycle_rule.value["expiration_days"]
}
}
dynamic "transition" {
for_each = (lifecycle_rule.value["transition_days"] == null) && (lifecycle_rule.value["transition_sc"] == null) ? [] : [1]
content {
days = lifecycle_rule.value["transition_days"]
storage_class = lifecycle_rule.value["transition_sc"]
}
}
}
}
depends_on = [
scaleway_iam_api_key.keys
]
}
resource "scaleway_object_bucket_policy" "s3_policies" {
for_each = (var.buckets_list == null) ? {} : { for b in var.buckets_list : b.bucket_name => b }
bucket = each.value.bucket_name
policy = jsonencode({
Version = "2023-04-17",
Id = "${each.value.bucket_name}",
Statement = [
{
Sid = "RW-${each.value.bucket_name}",
Effect = "Allow",
Principal = {
SCW = "application_id:${scaleway_iam_application.apps.id}"
},
Action = "${each.value.bucket_policy_actions}",
Resource = [
"${each.value.bucket_name}",
"${each.value.bucket_name}/*"
],
},
{
Sid = "Other-${each.value.bucket_name}",
Effect = "Allow",
Principal = {
SCW = "${each.value.other_app_access}"
},
Action = "${each.value.other_app_policy_actions}",
Resource = [
"${each.value.bucket_name}",
"${each.value.bucket_name}/*"
],
},
{
Sid = "Admin-${each.value.bucket_name}",
Effect = "Allow",
Principal = {
SCW = var.admins_user_id
},
Action = "s3:*",
Resource = [
"${each.value.bucket_name}",
"${each.value.bucket_name}/*"
],
},
{
Sid = "Readonly-${each.value.bucket_name}",
Effect = "Allow",
Principal = {
SCW = var.readonly_users_id
},
Action = ["s3:*"],
Resource = [
"${each.value.bucket_name}",
"${each.value.bucket_name}/*"
],
"Condition": {
"StringLike": {
"aws:Referer": "https://console.scaleway.com/*"
}
}
}
]
})
depends_on = [
scaleway_object_bucket.s3_buckets
]
}
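
Review bot: The `Readonly-` statement grants `Action = ["s3:*"]` to `var.readonly_users_id`, and its only restriction is the `aws:Referer` `StringLike` condition; Referer is a header set by the client, so it does not bound what those users can do and the statement is effectively the same grant as `Admin-`. List read-only actions explicitly (for example `s3:GetObject` and `s3:ListBucket`) instead of relying on the condition. Separately, `bucket_lifecycle_rules`, `other_app_access`, `bucket_policy_actions` and `other_app_policy_actions` are declared `optional(...)` and used here without a null guard, so a bucket that omits them gets a null `for_each` in the dynamic block and null `Principal` / `Action` values in the policy. The `transition` block also tests with `&&`, so it is emitted when only one of `transition_days` / `transition_sc` is set, although the README requires both.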


@ -0,0 +1,37 @@
## Description du module
Ce module a pour but de gérer les applications et leur ressources associées dans le cloud public Scaleway.
## Fonctionnement du module
- Ce module prend en charge la gestion des ressources suivantes :
- Les applications, groupes et policies de l'IAM Scaleway.
- Les buckets S3 et de leur policy associée.
- Les file d'attente de type SQS et leurs identifiants associés.
### Fonctionnement bucket S3
#### Pré-requis
- Une liste de bucket est déclarée au sein de l'application.
- Pour déclarer des règles de cycle de vie (lifecycle_rules), au moins expiration_days ou le couple transition_days et transition_sc doivent être déclarés.
#### Fonctionnement
- Pour chaque bucket de la liste buckets_list, une resource va être déclarée. Dans cette ressource, une lifecycle_rule va être déclarée pour chaque membre de la liste de lifecycle_rule.
- Pour chaque bucket de la liste buckets_list, une policy est attachée et contient 3 sections :
- Une section pour autoriser l'application principale à accéder au bucket.
- Une section pour donner accès aux user_id et application_id des administrateurs.
- Une section pour donner accès à d'autres user_id pour une application tierce.
### Fonctionnement SQS
#### Pré-requis
- Avoir activé le module SQS dans l'interface Scaleway -> Messaging.
- Une liste de queue est déclarée au sein de l'application.
#### Informations
- On utilise une resource de type scaleway_mnq_sqs_credentials.admin_creds par projet. En effet, en lui donnant uniquement le droit "can_manage", elle peut créer, supprimer et modifier des queues mais pas accéder à leur contenu.
- En parallèle, on créé un jeu d'identifiant par application et par queue qui ne disposent que des droits de publication/réception.
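
Review bot: The S3 section says the attached policy contains 3 sections, but `scaleway_object_bucket_policy.s3_policies` in this commit builds four statements (`RW-`, `Other-`, `Admin-`, `Readonly-`), and the read-only statement and `readonly_users_id` are not documented at all. This text is the same as the header of the generated README, so correct it here and state which actions each statement grants and to which principals.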


@ -0,0 +1,41 @@
resource "scaleway_iam_application" "apps" {
name = "${var.app_name}-${var.env}"
description = "${var.app_desc} env : ${var.env}"
}
resource "scaleway_iam_api_key" "keys" {
application_id = scaleway_iam_application.apps.id
description = "${var.app_name}-${var.env} api key"
default_project_id = var.project_id
depends_on = [
scaleway_iam_application.apps
]
}
resource "scaleway_iam_group" "groups" {
name = "group-${var.app_name}-${var.env}"
description = "${var.app_name} IAM group for env ${var.env}"
application_ids = [
scaleway_iam_application.apps.id
]
depends_on = [
scaleway_iam_application.apps
]
}
resource scaleway_iam_policy "group_policies" {
name = "policy-${var.app_name}-${var.env}"
description = "${var.app_name} policy for group ${scaleway_iam_group.groups.name} in env ${var.env}"
group_id = scaleway_iam_group.groups.id
rule {
project_ids = [var.project_id]
permission_set_names = var.policy_permissions
}
depends_on = [
scaleway_iam_group.groups
]
}
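
Review bot: `scaleway_iam_api_key.keys` is created with no expiry, and its secret is exported by the `api_secret_key` output, so a long-lived credential sits in state and in every caller's outputs. Consider setting `expires_at` and documenting how the key is rotated. `permission_set_names = var.policy_permissions` defaults to `[]`, which yields a rule with no permission sets; dropping the default forces callers to choose. Minor: `resource scaleway_iam_policy "group_policies"` is missing the quotes around the resource type, and the `depends_on` entries repeat dependencies already implied by the attribute references.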


@ -0,0 +1,8 @@
terraform {
required_providers {
scaleway = {
source = "scaleway/scaleway"
version = ">= 1.11.0"
}
}
}
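
Review bot: `version = ">= 1.11.0"` has no upper bound, so any future major release of the provider is accepted automatically, and the lock file that would pin the choice is excluded by the `.terraform*` ignore pattern in this commit. Use a bounded constraint (`~>` on the version actually tested). A `required_version` for Terraform itself is also missing: the variable declarations in this commit use `optional(...)` object attributes, which need Terraform 1.3 or later.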


@ -0,0 +1,76 @@
output "app_name" {
description = "Name of the application"
value = scaleway_iam_application.apps.name
}
output "app_id" {
description = "ID of the application"
value = scaleway_iam_application.apps.id
}
output "app_desc" {
description = "Description of the application"
value = scaleway_iam_application.apps.description
}
output "api_access_key" {
description = "App access key"
value = scaleway_iam_api_key.keys.access_key
}
output "api_secret_key" {
description = "App secret key"
value = scaleway_iam_api_key.keys.secret_key
}
##############
# BUCKET OUTPUT
##############
output "bucket_ID" {
description = "ID of the bucket"
value = [ for b in scaleway_object_bucket.s3_buckets: b.id ]
}
output "bucket_endpoint" {
description = "Bucket's endpoint"
value = [ for b in scaleway_object_bucket.s3_buckets: b.endpoint ]
}
##############
# SQS OUTPUT
##############
output "sqs_creds_access_key" {
description = "SQS Credentials access key"
value = [ for c in scaleway_mnq_sqs_credentials.app_creds : c.access_key ]
}
output "sqs_creds_secret_key" {
description = "SQS Credentials secret key"
value = [ for c in scaleway_mnq_sqs_credentials.app_creds : c.secret_key ]
}
output "sqs_url_endpoint" {
description = "SQS URL Endpoint"
value = [ for c in scaleway_mnq_sqs_queue.main : c.url ]
}
##############
# SQS OUTPUT
##############
output "sns_creds_access_key" {
description = "SNS Credentials access key"
value = [ for c in scaleway_mnq_sns_credentials.app_creds : c.access_key ]
}
output "sns_creds_secret_key" {
description = "SNS Credentials secret key"
value = [ for c in scaleway_mnq_sns_credentials.app_creds : c.secret_key ]
}
output "sns_topic_arn" {
description = "SNS Topic ARN"
value = [ for a in scaleway_mnq_sns_topic.main : a.arn ]
}
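
Review bot: `api_secret_key`, `sqs_creds_secret_key` and `sns_creds_secret_key` are declared without `sensitive = true`; add it to every output that carries a secret so the values are redacted in the plan and apply output of callers. The list outputs also lose the link to bucket, queue or topic names; a map keyed by the `for_each` key (`{ for k, c in ... : k => c.secret_key }`) lets callers pick the right credential without relying on ordering. The banner above the SNS outputs still reads `# SQS OUTPUT`.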


@ -0,0 +1,24 @@
resource "scaleway_mnq_sns_credentials" "app_creds" {
for_each = (var.sns_topic_list == null) ? {} : {for q in var.sns_topic_list : q.sns_topic_name => q }
project_id = var.project_id
name = "${var.app_name}-${each.value.sns_topic_name}"
permissions {
can_manage = false
can_receive = var.sns_can_receive
can_publish = var.sns_can_publish
}
}
resource "scaleway_mnq_sns_topic" "main" {
for_each = (var.sns_topic_list == null) ? {} : {for q in var.sns_topic_list : q.sns_topic_name => q }
project_id = var.project_id
name = each.value.sns_topic_name
access_key = var.sns_admin_creds_access_key
secret_key = var.sns_admin_creds_secret_key
depends_on = [
scaleway_mnq_sns_credentials.app_creds
]
}
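
Review bot: `sns_fifo_topic` is declared per topic in `sns_topic_list` and again as a module variable, but `scaleway_mnq_sns_topic.main` never reads either, so the FIFO setting has no effect; the same goes for `var.sns_can_manage`, since `can_manage = false` is hard-coded in `permissions`. Either wire these inputs through or remove them. The `depends_on` makes each topic wait for `app_creds` although the topic is created with the admin keys; if that ordering is not required, drop it.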


@ -0,0 +1,28 @@
resource "scaleway_mnq_sqs_credentials" "app_creds" {
for_each = (var.sqs_queue_list == null) ? {} : {for q in var.sqs_queue_list : q.sqs_queue_name => q }
project_id = var.project_id
name = "${var.app_name}-${each.value.sqs_queue_name}"
permissions {
can_manage = false
can_receive = var.sqs_can_receive
can_publish = var.sqs_can_publish
}
}
resource "scaleway_mnq_sqs_queue" "main" {
for_each = (var.sqs_queue_list == null) ? {} : {for q in var.sqs_queue_list : q.sqs_queue_name => q }
project_id = var.project_id
name = each.value.sqs_queue_name
access_key = var.admin_creds_access_key
secret_key = var.admin_creds_secret_key
fifo_queue = each.value.sqs_fifo_queue
message_max_age = each.value.sqs_message_max_age
message_max_size= each.value.sqs_message_max_size
depends_on = [
scaleway_mnq_sqs_credentials.app_creds
]
}
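
Review bot: `fifo_queue`, `message_max_age` and `message_max_size` take `each.value.*` directly, so a queue that omits them passes null and the module-level `sqs_fifo_queue`, `sqs_message_max_age` and `sqs_message_max_size` defaults are never applied; use `coalesce(each.value.sqs_message_max_age, var.sqs_message_max_age)` and the equivalent for the other two. `var.sqs_can_manage` is unused because `can_manage = false` is hard-coded. The per-queue `app_creds` resource carries only `project_id`, `name` and `permissions`, with nothing referencing the queue, so please confirm that each credential is really limited to one queue as the README states.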


@ -0,0 +1,192 @@
###################
# GLOBAL VARIABLES
###################
variable "project_id" {
description = "App's project ID"
type = string
default = "changeme"
}
###################
# APP VARIABLES
###################
variable "app_name" {
description = "Name of the application"
type = string
default = "changeme"
}
variable "app_desc" {
description = "Application's description"
type = string
default = ""
}
variable "app_tags" {
description = "Application's tags"
type = map(string)
default = {}
}
variable "env" {
description = "App's environment (dev/stg/prd)"
type = string
default = "dev"
}
variable "policy_permissions" {
description = "Policy permissions for app"
type = list(string)
default = []
}
###################
# BUCKETS VARIABLE
###################
variable "buckets_list" {
description = "List of the application's buckets"
type = list(object({
bucket_name = string
bucket_region = optional(string)
bucket_versioning = optional(bool)
bucket_tags = optional(map(string))
bucket_policy_actions = optional(list(string))
bucket_lifecycle_rules = optional(list(object({
id = string
enabled = bool
prefix = optional(string)
expiration_days = optional(number)
transition_days = optional(number)
transition_sc = optional(string)
tags = optional(map(string))
})))
other_app_access = optional(list(string))
other_app_policy_actions= optional(list(string))
}))
}
# 09/01/2024 - Pas possible de mettre des group_id comme principal
# cf https://feature-request.scaleway.com/posts/714/bucket-policy-with-group_id
variable "admins_user_id" {
description = "List of s3 admin user's ID"
type = list(string)
default = []
}
variable "readonly_users_id" {
description = "List of readonly user's ID"
type = list(string)
default = []
}
###################
# SQS VARIABLES
###################
variable "sqs_queue_list" {
description = "List of the SQS queues"
type = list(object({
sqs_queue_name = string
sqs_fifo_queue = optional(bool)
sqs_message_max_age = optional(string)
sqs_message_max_size= optional(string)
}))
}
variable "sqs_can_manage" {
description = "Can SQS credentials manage the queue"
type = bool
default = false
}
variable "sqs_can_receive" {
description = "Can SQS credentials receive message from the queue"
type = bool
default = true
}
variable "sqs_can_publish" {
description = "Can SQS credentials publish message to the queue"
type = bool
default = true
}
variable "sqs_fifo_queue" {
description = "Is the queue in FIFO mode ?"
type = bool
default = false
}
variable "sqs_message_max_age" {
description = "Max age of message before being deleted in seconds"
type = number
default = 345600
}
variable "sqs_message_max_size" {
description = "Max size of message accepted in octet"
type = number
default = 262144
}
variable "admin_creds_access_key" {
description = "SQS Admin access key"
type = string
default = ""
}
variable "admin_creds_secret_key" {
description = "SQS Admin secret key"
type = string
default = ""
}
###################
# SNS VARIABLES
###################
variable "sns_topic_list" {
description = "List of the SNS topics"
type = list(object({
sns_topic_name = string
sns_fifo_topic = optional(bool)
}))
}
variable "sns_can_manage" {
description = "Can SNS credentials manage the topic"
type = bool
default = false
}
variable "sns_can_receive" {
description = "Can SNS credentials receive message from the topic"
type = bool
default = true
}
variable "sns_can_publish" {
description = "Can SNS credentials publish message to the topic"
type = bool
default = true
}
variable "sns_fifo_topic" {
description = "Is the topic in FIFO mode ? (name must end with .fifo)"
type = bool
default = false
}
variable "sns_admin_creds_access_key" {
description = "SNS Admin access key"
type = string
default = ""
}
variable "sns_admin_creds_secret_key" {
description = "SNS Admin secret key"
type = string
default = ""
}
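
Review bot: `admin_creds_secret_key` and `sns_admin_creds_secret_key` (and the matching access keys) are not marked `sensitive = true`, and their `""` defaults let a plan proceed with no credential supplied; mark them sensitive and drop the defaults. `project_id` and `app_name` default to `"changeme"`, which lets a forgotten value pass validation. `buckets_list`, `sqs_queue_list` and `sns_topic_list` have no default although the resources test them against null, so add `default = null` or `[]`. `sqs_message_max_age` and `sqs_message_max_size` are `optional(string)` inside `sqs_queue_list` but `number` as module variables; use `number` in both places.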