UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi/pulumi-aws

286 lines • 13.3 kB

JavaScript

"use strict"; // *** WARNING: this file was generated by pulumi-language-nodejs. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.TopicSubscription = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Provides a resource for subscribing to SNS topics. Requires that an SNS topic exist for the subscription to attach to. This resource allows you to automatically place messages sent to SNS topics in SQS queues, send them as HTTP(S) POST requests to a given endpoint, send SMS messages, or notify devices / applications. The most likely use case for provider users will probably be SQS queues. * * > **NOTE:** If the SNS topic and SQS queue are in different AWS regions, the `aws.sns.TopicSubscription` must use an AWS provider that is in the same region as the SNS topic. If the `aws.sns.TopicSubscription` uses a provider with a different region than the SNS topic, this provider will fail to create the subscription. * * > **NOTE:** Setup of cross-account subscriptions from SNS topics to SQS queues requires the provider to have access to BOTH accounts. * * > **NOTE:** If an SNS topic and SQS queue are in different AWS accounts but the same region, the `aws.sns.TopicSubscription` must use the AWS provider for the account with the SQS queue. If `aws.sns.TopicSubscription` uses a Provider with a different account than the SQS queue, this provider creates the subscription but does not keep state and tries to re-create the subscription at every `apply`. * * > **NOTE:** If an SNS topic and SQS queue are in different AWS accounts and different AWS regions, the subscription needs to be initiated from the account with the SQS queue but in the region of the SNS topic. * * > **NOTE:** You cannot unsubscribe to a subscription that is pending confirmation. If you use `email`, `email-json`, or `http`/`https` (without auto-confirmation enabled), until the subscription is confirmed (e.g., outside of this provider), AWS does not allow this provider to delete / unsubscribe the subscription. If you `destroy` an unconfirmed subscription, this provider will remove the subscription from its state but the subscription will still exist in AWS. However, if you delete an SNS topic, SNS [deletes all the subscriptions](https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html) associated with the topic. Also, you can import a subscription after confirmation and then have the capability to delete it. * * ## Example Usage * * ### Basic usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const userUpdates = new aws.sns.Topic("user_updates", {name: "user-updates-topic"}); * const sqsQueuePolicy = aws.iam.getPolicyDocumentOutput({ * policyId: "arn:aws:sqs:us-west-2:123456789012:user_updates_queue/SQSDefaultPolicy", * statements: [{ * sid: "user_updates_sqs_target", * effect: "Allow", * principals: [{ * type: "Service", * identifiers: ["sns.amazonaws.com"], * }], * actions: ["SQS:SendMessage"], * resources: ["arn:aws:sqs:us-west-2:123456789012:user-updates-queue"], * conditions: [{ * test: "ArnEquals", * variable: "aws:SourceArn", * values: [userUpdates.arn], * }], * }], * }); * const userUpdatesQueue = new aws.sqs.Queue("user_updates_queue", { * name: "user-updates-queue", * policy: sqsQueuePolicy.apply(sqsQueuePolicy => sqsQueuePolicy.json), * }); * const userUpdatesSqsTarget = new aws.sns.TopicSubscription("user_updates_sqs_target", { * topic: userUpdates.arn, * protocol: "sqs", * endpoint: userUpdatesQueue.arn, * }); * ``` * * ### Example Cross-account Subscription * * You can subscribe SNS topics to SQS queues in different Amazon accounts and regions: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const config = new pulumi.Config(); * const sns = config.getObject<any>("sns") || { * "account-id": "111111111111", * displayName: "example", * name: "example-sns-topic", * region: "us-west-1", * "role-name": "service/service", * }; * const sqs = config.getObject<any>("sqs") || { * "account-id": "222222222222", * name: "example-sqs-queue", * region: "us-east-1", * "role-name": "service/service", * }; * const snsTopicPolicy = aws.iam.getPolicyDocument({ * policyId: "__default_policy_ID", * statements: [ * { * actions: [ * "SNS:Subscribe", * "SNS:SetTopicAttributes", * "SNS:RemovePermission", * "SNS:Publish", * "SNS:ListSubscriptionsByTopic", * "SNS:GetTopicAttributes", * "SNS:DeleteTopic", * "SNS:AddPermission", * ], * conditions: [{ * test: "StringEquals", * variable: "AWS:SourceOwner", * values: [sns["account-id"]], * }], * effect: "Allow", * principals: [{ * type: "AWS", * identifiers: ["*"], * }], * resources: [`arn:aws:sns:${sns.region}:${sns["account-id"]}:${sns.name}`], * sid: "__default_statement_ID", * }, * { * actions: [ * "SNS:Subscribe", * "SNS:Receive", * ], * conditions: [{ * test: "StringLike", * variable: "SNS:Endpoint", * values: [`arn:aws:sqs:${sqs.region}:${sqs["account-id"]}:${sqs.name}`], * }], * effect: "Allow", * principals: [{ * type: "AWS", * identifiers: ["*"], * }], * resources: [`arn:aws:sns:${sns.region}:${sns["account-id"]}:${sns.name}`], * sid: "__console_sub_0", * }, * ], * }); * const sqsQueuePolicy = aws.iam.getPolicyDocument({ * policyId: `arn:aws:sqs:${sqs.region}:${sqs["account-id"]}:${sqs.name}/SQSDefaultPolicy`, * statements: [{ * sid: "example-sns-topic", * effect: "Allow", * principals: [{ * type: "AWS", * identifiers: ["*"], * }], * actions: ["SQS:SendMessage"], * resources: [`arn:aws:sqs:${sqs.region}:${sqs["account-id"]}:${sqs.name}`], * conditions: [{ * test: "ArnEquals", * variable: "aws:SourceArn", * values: [`arn:aws:sns:${sns.region}:${sns["account-id"]}:${sns.name}`], * }], * }], * }); * const snsTopic = new aws.sns.Topic("sns_topic", { * name: sns.name, * displayName: sns.display_name, * policy: snsTopicPolicy.then(snsTopicPolicy => snsTopicPolicy.json), * }); * const sqsQueue = new aws.sqs.Queue("sqs_queue", { * name: sqs.name, * policy: sqsQueuePolicy.then(sqsQueuePolicy => sqsQueuePolicy.json), * }); * const snsTopicTopicSubscription = new aws.sns.TopicSubscription("sns_topic", { * topic: snsTopic.arn, * protocol: "sqs", * endpoint: sqsQueue.arn, * }); * ``` * * ### Example with Delivery Policy * * This example demonstrates how to define a `deliveryPolicy` for an HTTPS subscription. Unlike the `aws.sns.Topic` resource, the `deliveryPolicy` for `aws.sns.TopicSubscription` should not be wrapped in an `"http"` object. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const exampleWithDeliveryPolicy = new aws.sns.TopicSubscription("example_with_delivery_policy", { * topic: "arn:aws:sns:us-west-2:123456789012:my-topic", * protocol: "https", * endpoint: "https://example.com/endpoint", * rawMessageDelivery: true, * deliveryPolicy: `{ * "healthyRetryPolicy": { * "minDelayTarget": 20, * "maxDelayTarget": 20, * "numRetries": 3, * "numMaxDelayRetries": 0, * "numNoDelayRetries": 0, * "numMinDelayRetries": 0, * "backoffFunction": "linear" * }, * "sicklyRetryPolicy": null, * "throttlePolicy": null, * "requestPolicy": { * "headerContentType": "text/plain; application/json" * }, * "guaranteed": false * } * `, * }); * ``` * * ## Import * * Using `pulumi import`, import SNS Topic Subscriptions using the subscription `arn`. For example: * * ```sh * $ pulumi import aws:sns/topicSubscription:TopicSubscription user_updates_sqs_target arn:aws:sns:us-west-2:123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f * ``` */ class TopicSubscription extends pulumi.CustomResource { /** * Get an existing TopicSubscription resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new TopicSubscription(name, state, { ...opts, id: id }); } /** * Returns true if the given object is an instance of TopicSubscription. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === TopicSubscription.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["arn"] = state?.arn; resourceInputs["confirmationTimeoutInMinutes"] = state?.confirmationTimeoutInMinutes; resourceInputs["confirmationWasAuthenticated"] = state?.confirmationWasAuthenticated; resourceInputs["deliveryPolicy"] = state?.deliveryPolicy; resourceInputs["endpoint"] = state?.endpoint; resourceInputs["endpointAutoConfirms"] = state?.endpointAutoConfirms; resourceInputs["filterPolicy"] = state?.filterPolicy; resourceInputs["filterPolicyScope"] = state?.filterPolicyScope; resourceInputs["ownerId"] = state?.ownerId; resourceInputs["pendingConfirmation"] = state?.pendingConfirmation; resourceInputs["protocol"] = state?.protocol; resourceInputs["rawMessageDelivery"] = state?.rawMessageDelivery; resourceInputs["redrivePolicy"] = state?.redrivePolicy; resourceInputs["region"] = state?.region; resourceInputs["replayPolicy"] = state?.replayPolicy; resourceInputs["subscriptionRoleArn"] = state?.subscriptionRoleArn; resourceInputs["topic"] = state?.topic; } else { const args = argsOrState; if (args?.endpoint === undefined && !opts.urn) { throw new Error("Missing required property 'endpoint'"); } if (args?.protocol === undefined && !opts.urn) { throw new Error("Missing required property 'protocol'"); } if (args?.topic === undefined && !opts.urn) { throw new Error("Missing required property 'topic'"); } resourceInputs["confirmationTimeoutInMinutes"] = args?.confirmationTimeoutInMinutes; resourceInputs["deliveryPolicy"] = args?.deliveryPolicy; resourceInputs["endpoint"] = args?.endpoint; resourceInputs["endpointAutoConfirms"] = args?.endpointAutoConfirms; resourceInputs["filterPolicy"] = args?.filterPolicy; resourceInputs["filterPolicyScope"] = args?.filterPolicyScope; resourceInputs["protocol"] = args?.protocol; resourceInputs["rawMessageDelivery"] = args?.rawMessageDelivery; resourceInputs["redrivePolicy"] = args?.redrivePolicy; resourceInputs["region"] = args?.region; resourceInputs["replayPolicy"] = args?.replayPolicy; resourceInputs["subscriptionRoleArn"] = args?.subscriptionRoleArn; resourceInputs["topic"] = args?.topic; resourceInputs["arn"] = undefined /*out*/; resourceInputs["confirmationWasAuthenticated"] = undefined /*out*/; resourceInputs["ownerId"] = undefined /*out*/; resourceInputs["pendingConfirmation"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(TopicSubscription.__pulumiType, name, resourceInputs, opts); } } exports.TopicSubscription = TopicSubscription; /** @internal */ TopicSubscription.__pulumiType = 'aws:sns/topicSubscription:TopicSubscription'; //# sourceMappingURL=topicSubscription.js.map