Merge pull request #155 from asfadmin/mrp/feature/sns-collection-topic

Add metrics aws sns policy logic
asfadmin · Jul 14, 2023 · 6d73109 · 6d73109
2 parents f7eab40 + a634b2d
commit 6d73109
Show file tree

Hide file tree

Showing 4 changed files with 87 additions and 16 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # CHANGELOG
 
+## v15.0.3.3
+
+* Update outputs to match cumulus module
+* Add support for EMS Reporting SNS policy
+
 ## v15.0.3.2
 
 * Add 'lzards' support to cumulus module

diff --git a/cumulus/outputs.tf b/cumulus/outputs.tf
@@ -6,18 +6,18 @@ output "workflow_config" {
 
 # ---------
 # Cumulus Tasks
-output "sf_sqs_report_task" {
-  value = module.cumulus.sf_sqs_report_task
-}
-output "fake_processing_task" {
-  value = module.cumulus.fake_processing_task
+output "add_missing_file_checksums_task" {
+  value = module.cumulus.add_missing_file_checksums_task
 }
 output "discover_granules_task" {
   value = module.cumulus.discover_granules_task
 }
 output "discover_pdrs_task" {
   value = module.cumulus.discover_pdrs_task
 }
+output "fake_processing_task" {
+  value = module.cumulus.fake_processing_task
+}
 output "files_to_granules_task" {
   value = module.cumulus.files_to_granules_task
 }
@@ -27,6 +27,9 @@ output "hello_world_task" {
 output "hyrax_metadata_updates_task" {
   value = module.cumulus.hyrax_metadata_updates_task
 }
+output "lzards_backup_task" {
+  value = module.cumulus.lzards_backup_task
+}
 output "move_granules_task" {
   value = module.cumulus.move_granules_task
 }
@@ -36,22 +39,34 @@ output "parse_pdr_task" {
 output "pdr_status_check_task" {
   value = module.cumulus.pdr_status_check_task
 }
-output "post_to_cmr_task" {
-  value = module.cumulus.post_to_cmr_task
-}
+
 output "queue_granules_task" {
   value = module.cumulus.queue_granules_task
 }
 output "queue_pdrs_task" {
   value = module.cumulus.queue_pdrs_task
 }
+output "queue_workflow_task" {
+  value = module.cumulus.queue_workflow_task
+}
+output "sf_sqs_report_task" {
+  value = module.cumulus.sf_sqs_report_task
+}
 output "sync_granule_task" {
   value = module.cumulus.sync_granule_task
 }
-
+output "update_cmr_access_constraints_task" {
+  value = module.cumulus.update_cmr_access_constraints_task
+}
 output "update_granules_cmr_metadata_file_links_task" {
   value = module.cumulus.update_granules_cmr_metadata_file_links_task
 }
+output "post_to_cmr_task" {
+  value = module.cumulus.post_to_cmr_task
+}
+output "sqs2sfThrottle_lambda_function_arn" {
+  value = module.cumulus.sqs2sfThrottle_lambda_function_arn
+}
 
 # ---------
 # Cumulus IAM Resources
@@ -81,7 +96,13 @@ output "distribution_redirect_uri" {
 }
 
 # ---------
-# Workflow reporting SNS topics
+# Workflow reporting Queue and SNS topics
+output "stepfunction_event_reporter_queue_url" {
+  value = module.cumulus.stepfunction_event_reporter_queue_url
+}
+output "report_collections_sns_topic_arn" {
+  value = module.cumulus.report_collections_sns_topic_arn
+}
 output "report_executions_sns_topic_arn" {
   value = module.cumulus.report_executions_sns_topic_arn
 }

diff --git a/cumulus/policy.tf b/cumulus/policy.tf
@@ -0,0 +1,40 @@
+resource "aws_sns_topic_policy" "metrics_sns_policy" {
+  for_each = var.metrics_es_aws_account_id != null ? {
+    "granules"    = module.cumulus.report_granules_sns_topic_arn
+    "executions"  = module.cumulus.report_executions_sns_topic_arn
+    "collections" = module.cumulus.report_collections_sns_topic_arn
+    "pdrs"        = module.cumulus.report_pdrs_sns_topic_arn
+  } : {}
+  arn = each.value
+
+  policy = data.aws_iam_policy_document.metrics_sns_topics_policy[each.key].json
+}
+
+data "aws_iam_policy_document" "metrics_sns_topics_policy" {
+  policy_id = "__default_policy_ID"
+  for_each = var.metrics_es_aws_account_id != null ? {
+    "granules"    = module.cumulus.report_granules_sns_topic_arn
+    "executions"  = module.cumulus.report_executions_sns_topic_arn
+    "collections" = module.cumulus.report_collections_sns_topic_arn
+    "pdrs"        = module.cumulus.report_pdrs_sns_topic_arn
+  } : {}
+
+  statement {
+    actions = [
+      "SNS:Subscribe",
+    ]
+
+    effect = "Allow"
+
+    principals {
+      type        = "AWS"
+      identifiers = [var.metrics_es_aws_account_id]
+    }
+
+    resources = [
+      each.value,
+    ]
+
+    sid = "__default_statement_ID"
+  }
+}
diff --git a/cumulus/variables.tf b/cumulus/variables.tf
@@ -64,8 +64,8 @@ variable "lzards_provider" {
 
 variable "lzards_api" {
   description = "LZARDS backup API endpoint"
-  type = string
-  default = ""
+  type        = string
+  default     = ""
 }
 
 variable "lzards_s3_link_timeout" {
@@ -254,6 +254,11 @@ variable "metrics_es_username" {
   default = null
 }
 
+variable "metrics_es_aws_account_id" {
+  type    = string
+  default = null
+}
+
 variable "api_users" {
   type    = list(string)
   default = []
@@ -383,8 +388,8 @@ variable "thottled_queue_execution_limit" {
 
 variable "lambda_memory_sizes" {
   description = "Memory sizes for lambda functions"
-  type = map(string)
-  default = {}
+  type        = map(string)
+  default     = {}
 }
 
 variable "lambda_timeouts" {
@@ -406,8 +411,8 @@ variable "cloudwatch_log_retention_periods" {
 }
 
 variable "default_log_retention_days" {
-  type = number
-  default = 30
+  type        = number
+  default     = 30
   description = "Optional default value that user chooses for their log retention periods"
 }