lephuongbg · February 1, 2023 12:15
diff --git a/sns-with-delivery-status-logging.cloudformation.yml b/sns-with-delivery-status-logging.cloudformation.yml
 AWSTemplateFormatVersion: "2010-09-09"
 Resources:
  Topic:
    Type: 'AWS::SNS::Topic'
    Properties: {}
  # The role required for SNS to write logs to Cloudwatch
  TopicFeedbackRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - sns.amazonaws.com
          Action:
          - sts:AssumeRole
      Policies:
      - PolicyName: "cloudwatch-logs-role"
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Resource: '*'
            Action:
            - "logs:CreateLogGroup"
            - "logs:CreateLogStream"
            - "logs:PutLogEvents"
            - "logs:PutMetricFilter"
            - "logs:PutRetentionPolicy"
  # A custom resource to set the topic's HTTPSuccessFeedbackRoleArn
  SNSTopicAttributeHTTPSuccessFeedbackRoleArn:
    Type: Custom::SNSTopicAttribute
    Properties:
      ServiceToken: !GetAtt SNSTopicAttributeFunction.Arn
      TopicArn: !Ref Topic
      AttributeName: HTTPSuccessFeedbackRoleArn
      AttributeValue: !GetAtt TopicFeedbackRole.Arn
  # A custom resource to set the topic's HTTPFailureFeedbackRoleArn
  SNSTopicAttributeHTTPFailureFeedbackRoleArn:
    Type: Custom::SNSTopicAttribute
    Properties:
      ServiceToken: !GetAtt SNSTopicAttributeFunction.Arn
      TopicArn: !Ref Topic
      AttributeName: HTTPFailureFeedbackRoleArn
      AttributeValue: !GetAtt TopicFeedbackRole.Arn
  # A custom resource to set the topic's success sample rate
  SNSTopicAttributeHTTPSuccessFeedbackSampleRate:
    Type: Custom::SNSTopicAttribute
    Properties:
      ServiceToken: !GetAtt SNSTopicAttributeFunction.Arn
      TopicArn: !Ref Topic
      AttributeName: HTTPSuccessFeedbackSampleRate
      AttributeValue: '100'
  # The lambda function that powers the custom resource above
  # It can update any topic attribute
  SNSTopicAttributeFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: nodejs12.x
      Code:
        ZipFile: |
          'use strict'

          let AWS = require('aws-sdk')
          let sns = new AWS.SNS()
          var response = require('cfn-response')

          exports.handler = (event, context) => {
              var physicalResourceId = event.LogicalResourceId
              console.log(event)

              if (event.RequestType === 'Create' || event.RequestType === 'Update') {
                  sns.setTopicAttributes({
                      AttributeName: event.ResourceProperties.AttributeName,
                      TopicArn: event.ResourceProperties.TopicArn,
                      AttributeValue: event.ResourceProperties.AttributeValue
                  }, (err) => {
                      if (err) {
                          console.error('Failed to setTopicAttributes', err)
                          response.send(event, context, response.FAILED, {}, physicalResourceId)
                      } else {
                          response.send(event, context, response.SUCCESS, {}, physicalResourceId)
                      }
                  })
              } else return response.send(event, context, response.SUCCESS, {}, physicalResourceId)
          }
      Handler: index.handler
      Role: !GetAtt SNSTopicAttributeFunctionRole.Arn
  SNSTopicAttributeFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
          Action:
          - sts:AssumeRole
      ManagedPolicyArns:
      - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
      Policies:
      - PolicyName: !Sub "${AWS::StackName}-sns-topic-attribute-function-role"
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Resource: '*'
            Action:
            - sns:SetTopicAttributes
            - iam:PassRole
	AWSTemplateFormatVersion: "2010-09-09"
	Resources:
	Topic:
	Type: 'AWS::SNS::Topic'
	Properties: {}
	# The role required for SNS to write logs to Cloudwatch
	TopicFeedbackRole:
	Type: AWS::IAM::Role
	Properties:
	AssumeRolePolicyDocument:
	Version: '2012-10-17'
	Statement:
	- Effect: Allow
	Principal:
	Service:
	- sns.amazonaws.com
	Action:
	- sts:AssumeRole
	Policies:
	- PolicyName: "cloudwatch-logs-role"
	PolicyDocument:
	Version: '2012-10-17'
	Statement:
	- Effect: Allow
	Resource: '*'
	Action:
	- "logs:CreateLogGroup"
	- "logs:CreateLogStream"
	- "logs:PutLogEvents"
	- "logs:PutMetricFilter"
	- "logs:PutRetentionPolicy"
	# A custom resource to set the topic's HTTPSuccessFeedbackRoleArn
	SNSTopicAttributeHTTPSuccessFeedbackRoleArn:
	Type: Custom::SNSTopicAttribute
	Properties:
	ServiceToken: !GetAtt SNSTopicAttributeFunction.Arn
	TopicArn: !Ref Topic
	AttributeName: HTTPSuccessFeedbackRoleArn
	AttributeValue: !GetAtt TopicFeedbackRole.Arn
	# A custom resource to set the topic's HTTPFailureFeedbackRoleArn
	SNSTopicAttributeHTTPFailureFeedbackRoleArn:
	Type: Custom::SNSTopicAttribute
	Properties:
	ServiceToken: !GetAtt SNSTopicAttributeFunction.Arn
	TopicArn: !Ref Topic
	AttributeName: HTTPFailureFeedbackRoleArn
	AttributeValue: !GetAtt TopicFeedbackRole.Arn
	# A custom resource to set the topic's success sample rate
	SNSTopicAttributeHTTPSuccessFeedbackSampleRate:
	Type: Custom::SNSTopicAttribute
	Properties:
	ServiceToken: !GetAtt SNSTopicAttributeFunction.Arn
	TopicArn: !Ref Topic
	AttributeName: HTTPSuccessFeedbackSampleRate
	AttributeValue: '100'
	# The lambda function that powers the custom resource above
	# It can update any topic attribute
	SNSTopicAttributeFunction:
	Type: AWS::Lambda::Function
	Properties:
	Runtime: nodejs12.x
	Code:
	ZipFile: \|
	'use strict'

	let AWS = require('aws-sdk')
	let sns = new AWS.SNS()
	var response = require('cfn-response')

	exports.handler = (event, context) => {
	var physicalResourceId = event.LogicalResourceId
	console.log(event)

	if (event.RequestType === 'Create' \|\| event.RequestType === 'Update') {
	sns.setTopicAttributes({
	AttributeName: event.ResourceProperties.AttributeName,
	TopicArn: event.ResourceProperties.TopicArn,
	AttributeValue: event.ResourceProperties.AttributeValue
	}, (err) => {
	if (err) {
	console.error('Failed to setTopicAttributes', err)
	response.send(event, context, response.FAILED, {}, physicalResourceId)
	} else {
	response.send(event, context, response.SUCCESS, {}, physicalResourceId)
	}
	})
	} else return response.send(event, context, response.SUCCESS, {}, physicalResourceId)
	}
	Handler: index.handler
	Role: !GetAtt SNSTopicAttributeFunctionRole.Arn
	SNSTopicAttributeFunctionRole:
	Type: AWS::IAM::Role
	Properties:
	AssumeRolePolicyDocument:
	Version: '2012-10-17'
	Statement:
	- Effect: Allow
	Principal:
	Service:
	- lambda.amazonaws.com
	Action:
	- sts:AssumeRole
	ManagedPolicyArns:
	- 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
	Policies:
	- PolicyName: !Sub "${AWS::StackName}-sns-topic-attribute-function-role"
	PolicyDocument:
	Version: '2012-10-17'
	Statement:
	- Effect: Allow
	Resource: '*'
	Action:
	- sns:SetTopicAttributes
	- iam:PassRole