feat: Add support for signature version (#42)

Co-authored-by: magreenbaum <magreenbaum>
terraform-aws-modules · Feb 25, 2023 · b7d59e3 · b7d59e3
1 parent b025824
commit b7d59e3
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -135,13 +135,13 @@ module "sns_topic" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.40 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.56 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.40 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.56 |
 
 ## Modules
 
@@ -176,6 +176,7 @@ No modules.
 | <a name="input_lambda_feedback"></a> [lambda\_feedback](#input\_lambda\_feedback) | Map of IAM role ARNs and sample rate for success and failure feedback | `map(string)` | `{}` | no |
 | <a name="input_name"></a> [name](#input\_name) | The name of the SNS topic to create | `string` | `null` | no |
 | <a name="input_override_topic_policy_documents"></a> [override\_topic\_policy\_documents](#input\_override\_topic\_policy\_documents) | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` | `list(string)` | `[]` | no |
+| <a name="input_signature_version"></a> [signature\_version](#input\_signature\_version) | If SignatureVersion should be 1 (SHA1) or 2 (SHA256). The signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS. | `number` | `null` | no |
 | <a name="input_source_topic_policy_documents"></a> [source\_topic\_policy\_documents](#input\_source\_topic\_policy\_documents) | List of IAM policy documents that are merged together into the exported document. Statements must have unique `sid`s | `list(string)` | `[]` | no |
 | <a name="input_sqs_feedback"></a> [sqs\_feedback](#input\_sqs\_feedback) | Map of IAM role ARNs and sample rate for success and failure feedback | `map(string)` | `{}` | no |
 | <a name="input_subscriptions"></a> [subscriptions](#input\_subscriptions) | A map of subscription definitions to create | `any` | `{}` | no |

diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -22,7 +22,8 @@ locals {
 module "default_sns" {
   source = "../../"
 
-  name = "${local.name}-default"
+  name              = "${local.name}-default"
+  signature_version = 2
 
   tags = local.tags
 }

diff --git a/main.tf b/main.tf
@@ -18,6 +18,7 @@ resource "aws_sns_topic" "this" {
   delivery_policy             = var.delivery_policy
   display_name                = var.display_name
   fifo_topic                  = var.fifo_topic
+  signature_version           = var.fifo_topic ? null : var.signature_version
 
   firehose_failure_feedback_role_arn    = try(var.firehose_feedback.failure_role_arn, null)
   firehose_success_feedback_role_arn    = try(var.firehose_feedback.success_role_arn, null)

diff --git a/variables.tf b/variables.tf
@@ -122,6 +122,12 @@ variable "sqs_feedback" {
   # }
 }
 
+variable "signature_version" {
+  description = "If SignatureVersion should be 1 (SHA1) or 2 (SHA256). The signature version corresponds to the hashing algorithm used while creating the signature of the notifications, subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS."
+  type        = number
+  default     = null
+}
+
 ################################################################################
 # Topic Policy
 ################################################################################

diff --git a/versions.tf b/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.40"
+      version = ">= 4.56"
     }
   }
 }
diff --git a/wrappers/main.tf b/wrappers/main.tf
@@ -18,6 +18,7 @@ module "wrapper" {
   lambda_feedback                 = try(each.value.lambda_feedback, var.defaults.lambda_feedback, {})
   topic_policy                    = try(each.value.topic_policy, var.defaults.topic_policy, null)
   sqs_feedback                    = try(each.value.sqs_feedback, var.defaults.sqs_feedback, {})
+  signature_version               = try(each.value.signature_version, var.defaults.signature_version, null)
   create_topic_policy             = try(each.value.create_topic_policy, var.defaults.create_topic_policy, true)
   source_topic_policy_documents   = try(each.value.source_topic_policy_documents, var.defaults.source_topic_policy_documents, [])
   override_topic_policy_documents = try(each.value.override_topic_policy_documents, var.defaults.override_topic_policy_documents, [])