In this article, we will create an SNS topic with an access policy that allows all SNS actions on the topic, restricted to callers from our own AWS account. We will carry out this activity using Terraform. It is assumed that you have a basic understanding of SNS and Terraform. You can also check my article here if you want to learn to create an SNS topic using CloudFormation.

Click here to see all arguments and parameters available for SNS in Terraform. You can then use them to customize the topic.

Pre-requisites

  1. Basic understanding of Terraform.
  2. Terraform installed on your system.
  3. AWS Account (Create if you don’t have one).
  4. ‘access_key’ & ‘secret_key’ of an AWS IAM User with permissions to create and delete SNS topics and to read and set their attributes. Grant only those permissions rather than administrator access. (Click here to learn to create an IAM user with ‘access_key’ & ‘secret_key’ on AWS.)

What we will do

  1. Write Terraform configuration files for SNS Topic.
  2. Create an SNS Topic using the Terraform configuration files.
  3. Delete the created SNS Topic using Terraform.

Write Terraform configuration files for SNS Topic

The first step is to create a file named “main.tf” that will contain the provider and resource definitions. We will create the SNS topic in region “eu-west-3”; you can change this as per your requirement.

The access policy below mirrors the default policy AWS attaches to a new topic: it names “*” as the principal, but the “AWS:SourceOwner” condition limits the grant to requests originating from your own account. If you want to limit the actions, edit the “actions” list in the policy statement. Do not remove the condition block or widen the principal without replacing the account check: a topic policy that allows Principal “*” with no condition lets anyone with an AWS account publish to or subscribe to the topic. If you are not familiar with the IAM policy language and just want to get started, leave the access policy statement unchanged.

You can find the code on my Github repo as well on the following link.

Github Link: https://github.com/shivalkarrahul/DevOps/blob/master/aws/terraform/create-sns-topic/main.tf
File: main.tf
provider "aws" {
  # Terraform 0.12+ syntax; the older "${var.access_key}" form still works but is deprecated.
  access_key = var.access_key
  secret_key = var.secret_key
  region     = "eu-west-3"
}

resource "aws_sns_topic" "my_first_sns_topic" {
  name = var.sns_name
}

resource "aws_sns_topic_policy" "my_sns_topic_policy" {
  arn = aws_sns_topic.my_first_sns_topic.arn
  policy = data.aws_iam_policy_document.my_custom_sns_policy_document.json
}

data "aws_iam_policy_document" "my_custom_sns_policy_document" {
  policy_id = "__default_policy_ID"

  # Mirrors the default policy AWS generates for a new topic.
  statement {
    actions = [
      "SNS:Subscribe",
      "SNS:SetTopicAttributes",
      "SNS:RemovePermission",
      "SNS:Receive",
      "SNS:Publish",
      "SNS:ListSubscriptionsByTopic",
      "SNS:GetTopicAttributes",
      "SNS:DeleteTopic",
      "SNS:AddPermission",
    ]

    # The wildcard principal below is only safe because of this condition:
    # it restricts the grant to requests originating from your own account.
    # var.account_id must be your real 12-digit account ID; an empty value
    # never matches, and removing the block opens the topic to every account.
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"

      values = [
        var.account_id,
      ]
    }

    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    resources = [
      aws_sns_topic.my_first_sns_topic.arn,
    ]

    sid = "__default_statement_ID"
  }
}

Now, create a new file named “terraform.tfvars” and put the access key and secret key of your IAM user in it. Treat this file like a password: add it, together with the terraform.tfstate files, to .gitignore so that it never reaches version control. A safer option that works with the same resources is to remove the access_key and secret_key lines from the provider block and the matching variables, and let the AWS provider pick up credentials from the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, a named profile in ~/.aws/credentials, or an IAM role.

Github Link: https://github.com/shivalkarrahul/DevOps/blob/master/aws/terraform/create-sns-topic/terraform.tfvars
File: terraform.tfvars
access_key = ""

secret_key = ""
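As an added example that is not part of the original article or the linked repository, here is a small pre-commit style check written for the file layout described above: it refuses a commit when terraform.tfvars carries populated keys, or when .gitignore does not exclude tfvars and state files. The function names, the .gitignore patterns it insists on, and the sample file contents are my own constructions.

```python
"""Added example, not from the original article: a pre-commit style check that
terraform.tfvars is not about to leak long-lived AWS keys into a repository.

scan_tfvars() flags populated access_key/secret_key assignments and any value
shaped like an AWS access key ID; check_gitignore() confirms that tfvars and
state files are excluded. The sample contents at the bottom are constructed
for this demonstration and contain no real credentials."""
import re

# Long-term (AKIA) and temporary (ASIA) AWS access key IDs share this shape.
ACCESS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# HCL assignment of the two credential variables used in main.tf.
CRED_ASSIGN_RE = re.compile(r'^\s*(access_key|secret_key)\s*=\s*"([^"]*)"', re.MULTILINE)
# Patterns a .gitignore in this directory should carry (tfstate records
# everything Terraform manages, tfvars carries the keys).
REQUIRED_IGNORES = ("*.tfvars", "*.tfstate", "*.tfstate.*")


def scan_tfvars(text):
    """Return findings for populated credentials; secret values are never echoed."""
    findings = []
    for match in CRED_ASSIGN_RE.finditer(text):
        name, value = match.groups()
        if value.strip():
            findings.append(f"{name} is set in tfvars")
    for _ in ACCESS_KEY_ID_RE.finditer(text):
        findings.append("a value shaped like an AWS access key ID appears in tfvars")
    return findings


def check_gitignore(text):
    """Return the REQUIRED_IGNORES patterns missing from the .gitignore text."""
    present = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            present.add(line)
    return [pattern for pattern in REQUIRED_IGNORES if pattern not in present]


def precommit_ok(tfvars_text, gitignore_text):
    """True only when no key is set in tfvars and all ignore patterns are present."""
    return not scan_tfvars(tfvars_text) and not check_gitignore(gitignore_text)


# Constructed samples. The key ID below is a made-up, non-functional value
# that merely has the AKIA + 16 character shape.
EMPTY_TFVARS = 'access_key = ""\n\nsecret_key = ""\n'
LEAKY_TFVARS = 'access_key = "AKIAEXAMPLEEXAMPLE12"\nsecret_key = "not-a-real-secret"\n'
GOOD_GITIGNORE = "# Terraform\n.terraform/\n*.tfvars\n*.tfstate\n*.tfstate.*\n"
BAD_GITIGNORE = ".terraform/\n"
```

Wire precommit_ok into a git pre-commit hook that reads the two files and exits non-zero on False; the findings deliberately name the variable, not the value, so the hook output itself cannot leak a key into CI logs.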

The variable definition file “variables.tf” holds the variables used in “main.tf” and their default values. Create it in the same directory as the other two files. You must set the “account_id” variable to your 12-digit AWS account ID: its default is an empty string, and with an empty value the “AWS:SourceOwner” condition in the topic policy never matches, so the policy grants nothing. If you want, you can also change the name of the topic through the “sns_name” variable.

Github Link: https://github.com/shivalkarrahul/DevOps/blob/master/aws/terraform/create-sns-topic/variables.tf
File: variables.tf
variable "access_key" {
  description = "Access key of AWS IAM user"
  type        = string
  sensitive   = true # keeps the value out of plan and apply output (Terraform 0.14+)
}

variable "secret_key" {
  description = "Secret key of AWS IAM user"
  type        = string
  sensitive   = true
}

variable "sns_name" {
  description = "Name of the SNS Topic to be created"
  type        = string
  default     = "my_first_sns"
}

variable "account_id" {
  description = "12-digit AWS account ID used in the topic policy's AWS:SourceOwner condition; must be set"
  type        = string
  default     = "" # an empty value never matches the condition, so replace it
}


Create an SNS Topic using the Terraform configuration files

Once you have main.tf, terraform.tfvars, and variables.tf you are set to create an SNS Topic using Terraform.

The following is the first command to initialize a working directory containing Terraform configuration files.

terraform init


The next command creates an execution plan, which shows every change Terraform would make before anything is touched. Review it before applying: only two resources, the topic and its policy, should be listed for creation. The policy document itself shows as “known after apply” at this stage because it references the topic ARN, which does not exist until the topic is created.

terraform plan


Now you are ready to apply the changes required to reach the desired state of the configuration using the following command. Terraform shows the plan again and asks you to type “yes” before it makes any change; it then creates the SNS topic in your AWS account under the specified region and attaches the policy.

terraform apply


You can now go to the AWS SNS Console to confirm that the topic has been created, or check from the command line with “aws sns get-topic-attributes --topic-arn <topic ARN>”: the Policy attribute in the output should carry your account ID in the “AWS:SourceOwner” condition.
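The policy statement in main.tf leans entirely on its “AWS:SourceOwner” condition, and the console check above only confirms that the topic exists. As an added example that is not part of the original article or its repository, the Python script below verifies the part that matters: it reads the rendered policy, either pasted in directly or taken from the JSON that “terraform show -json” prints after apply, and reports any Allow statement with a wildcard principal that is not pinned to a non-empty account ID. The function names and the sample documents are my own constructions, written to match the shape main.tf renders rather than captured from Terraform.

```python
"""Added example, not from the original article: lint an SNS topic policy so a
wildcard principal is never left unscoped. Accepts a raw policy document or the
JSON printed by `terraform show -json`, and flags Allow statements with
Principal "*" unless a StringEquals condition on AWS:SourceOwner (as in main.tf)
or aws:SourceAccount pins them to a non-empty account ID. The sample documents
at the bottom are constructed by hand to mirror what main.tf renders."""
import json

ACCOUNT_SCOPING_KEYS = {"aws:sourceowner", "aws:sourceaccount"}


def _as_list(value):
    """Policy fields may hold one value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _has_wildcard_principal(statement):
    principal = statement.get("Principal")
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def _account_scope_values(statement):
    """Values bound to account-scoping keys under a StringEquals condition."""
    values = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator != "StringEquals":
            continue
        for key, bound in keys.items():
            if key.lower() in ACCOUNT_SCOPING_KEYS:
                values.extend(_as_list(bound))
    return values


def find_open_statements(policy_json):
    """Return (Sid, reason) for every Allow statement open to any AWS principal."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow" or not _has_wildcard_principal(stmt):
            continue
        sid = stmt.get("Sid", "<no sid>")
        scope = _account_scope_values(stmt)
        if not scope:
            findings.append((sid, "wildcard principal with no account-scoping condition"))
        elif not all(str(v).strip() for v in scope):
            findings.append((sid, "account-scoping condition has an empty value"))
    return findings


def lint_terraform_json(show_json):
    """Map each aws_sns_topic_policy address to its findings.

    Reads `terraform show -json` output for state ("values") or a saved plan
    ("planned_values"). A policy still "known after apply" is absent from a
    plan, so that address maps to None instead of a list.
    """
    doc = json.loads(show_json)
    root = (doc.get("values") or doc.get("planned_values") or {}).get("root_module", {})
    report = {}
    for res in root.get("resources", []):
        if res.get("type") != "aws_sns_topic_policy":
            continue
        policy = res.get("values", {}).get("policy")
        report[res["address"]] = None if policy is None else find_open_statements(policy)
    return report


def _sample_policy(source_owner):
    """Constructed policy in the shape main.tf renders; None drops the condition."""
    stmt = {
        "Sid": "__default_statement_ID", "Effect": "Allow",
        "Principal": {"AWS": "*"}, "Action": ["SNS:Publish", "SNS:Subscribe"],
        "Resource": "arn:aws:sns:eu-west-3:123456789012:my_first_sns",
    }
    if source_owner is not None:
        stmt["Condition"] = {"StringEquals": {"AWS:SourceOwner": source_owner}}
    return json.dumps({"Version": "2012-10-17", "Id": "__default_policy_ID",
                       "Statement": [stmt]})


SCOPED_POLICY = _sample_policy("123456789012")  # account_id set correctly
EMPTY_ACCOUNT_POLICY = _sample_policy("")        # account_id left at its "" default
OPEN_POLICY = _sample_policy(None)               # condition block deleted

# Constructed stand-ins for `terraform show -json`: state after apply, and a
# plan in which the policy is not known yet.
SAMPLE_STATE_JSON = json.dumps({"format_version": "1.0", "values": {"root_module": {
    "resources": [{"address": "aws_sns_topic_policy.my_sns_topic_policy",
                   "type": "aws_sns_topic_policy",
                   "values": {"arn": "arn:aws:sns:eu-west-3:123456789012:my_first_sns",
                              "policy": OPEN_POLICY}}]}}})
SAMPLE_PLAN_JSON = json.dumps({"format_version": "1.0", "planned_values": {"root_module": {
    "resources": [{"address": "aws_sns_topic_policy.my_sns_topic_policy",
                   "type": "aws_sns_topic_policy", "values": {}}]}}})
```

To use it against a real deployment, run “terraform show -json > state.json” after apply and pass the file contents to lint_terraform_json; an empty list for the policy address means every wildcard grant is scoped to a non-empty account ID. A plan saved before apply reports None for the policy, because the document depends on the topic ARN and is only rendered once the topic exists.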


Delete the created SNS topic using Terraform

When you no longer need the SNS topic and want to delete it, there is no need to go to the AWS console and delete it from there. Instead, you can delete it with the following command. It removes everything in this configuration, the topic policy and the topic together with any subscriptions that were added to it, after you confirm by typing “yes”. This operation cannot be reversed, so be careful when running destroy against production resources.

terraform destroy


Conclusion

In this article, we created an SNS topic in region “eu-west-3” with an access policy that restricts a wildcard principal to our own account through the “AWS:SourceOwner” condition. We carried out this activity using Terraform, and we also saw how the topic can be deleted with a single Terraform command.