main.tf
locals {
  # CloudFormation stack names accept letters, digits and hyphens only, so the
  # underscores allowed in configuration_name are mapped to hyphens here.
  cf_name = replace(var.configuration_name, "_", "-")
}
# Slack channel configuration for AWS Chatbot, deployed as a CloudFormation
# stack built from the template file read by data.local_file.
resource "aws_cloudformation_stack" "chatbot_slack_configuration" {
  name          = "${local.cf_name}-slack"
  template_body = data.local_file.cloudformation_template.content
  tags          = var.tags

  parameters = {
    # Identity of the configuration and the Slack channel it is bound to.
    ConfigurationNameParameter = var.configuration_name
    SlackWorkspaceIdParameter  = var.slack_workspace_id
    SlackChannelIdParameter    = var.slack_channel_id

    # Permission boundary for anything run from the channel: the channel role,
    # the guardrail policy ARNs (passed as one comma-separated string) and
    # whether each Slack user must map their own IAM role.
    # NOTE(review): how the template applies these is not visible here. If
    # user_role_required is false, every channel member presumably acts with
    # the shared channel role, so keep that role and the guardrails read-only.
    IamRoleArnParameter        = aws_iam_role.chatbot.arn
    GuardrailPoliciesParameter = join(",", var.guardrail_policies)
    UserRoleRequiredParameter  = var.user_role_required

    # Notification source and logging verbosity.
    SnsTopicArnsParameter = aws_sns_topic.chatbot_sns_topic.arn
    LoggingLevelParameter = var.logging_level
  }
}
# Reads the CloudFormation template from this module's own directory; its
# content becomes the stack's template_body.
data "local_file" "cloudformation_template" {
  filename = "${path.module}/cloudformation.yml"
}
# Channel role handed to the Chatbot configuration. Its trust policy comes
# from data.aws_iam_policy_document.assume; permissions are attached separately.
resource "aws_iam_role" "chatbot" {
  name               = "${var.configuration_name}_chatbot"
  tags               = var.tags
  assume_role_policy = data.aws_iam_policy_document.assume.json
}
# Trust policy: lets the AWS Chatbot service principal assume the channel role.
#
# NOTE(review): the statement carries no condition block, so the trust is not
# pinned to this account or to one Chatbot configuration. AWS's confused-deputy
# guidance is to scope service trust with aws:SourceAccount / aws:SourceArn;
# confirm which keys the chatbot service honours before adding them.
data "aws_iam_policy_document" "assume" {
  version = "2012-10-17"

  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["chatbot.amazonaws.com"]
    }
  }
}
# Grants the channel role the AWS managed CloudWatchReadOnlyAccess policy.
# This is the only permission attachment in this file; the role stays
# read-only as long as nothing broader is attached elsewhere.
resource "aws_iam_role_policy_attachment" "cloudwatch-readonly-policy-attachment" {
  policy_arn = "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"

  # For aws_iam_role the id attribute is the role name, so this is the same
  # value the attachment received before.
  role = aws_iam_role.chatbot.name
}
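# SNS topic the Chatbot configuration subscribes to for notifications.
resource "aws_sns_topic" "chatbot_sns_topic" {
  name = "${var.configuration_name}-sns-topic"

  # Encrypt at rest with the caller's key, falling back to the AWS managed SNS
  # key. coalesce() skips both null and "", so an explicit `kms_key = null`
  # no longer yields an unencrypted topic (the previous `!= ""` test passed
  # null straight through to kms_master_key_id).
  #
  # Caveat: the policy of the AWS managed key alias/aws/sns cannot be edited,
  # so AWS service publishers (CloudWatch alarms, for example) generally cannot
  # publish to a topic encrypted with it. For those publishers pass a customer
  # managed key in var.kms_key whose key policy grants the publishing service
  # kms:GenerateDataKey* and kms:Decrypt.
  kms_master_key_id = coalesce(var.kms_key, "alias/aws/sns")

  tags = var.tags
}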