make enable_sqs first pass

terraform-modules · Nov 16, 2021 · 2ec53a3 · 2ec53a3
1 parent 183fbe8
commit 2ec53a3
Showing 1 changed file with 14 additions and 9 deletions.
diff --git a/cloudtrail/sqs.tf b/cloudtrail/sqs.tf
@@ -1,4 +1,5 @@
 resource "aws_sqs_queue" "cloudtrail_deadletter" {
+  count = var.enable_sqs ? 1 : 0
   # delay=0 retention=4d max=256k visibility=1h
   name                       = format("%v-deadletter", local.name)
   delay_seconds              = 0
@@ -18,7 +19,8 @@ resource "aws_sqs_queue" "cloudtrail_deadletter" {
 }
 
 resource "aws_sqs_queue_policy" "cloudtrail_deadletter" {
-  queue_url = aws_sqs_queue.cloudtrail_deadletter.id
+  count     = var.enable_sqs ? 1 : 0
+  queue_url = var.enable_sqs ? aws_sqs_queue.cloudtrail_deadletter[0].id : null
   policy    = data.aws_iam_policy_document.cloudtrail_deadletter.json
 }
 
@@ -28,20 +30,21 @@ data "aws_iam_policy_document" "cloudtrail_deadletter" {
     sid       = "AllowSNSSendMessage"
     effect    = "Allow"
     actions   = ["SQS:SendMessage"]
-    resources = [aws_sqs_queue.cloudtrail_deadletter.arn]
+    resources = [var.enable_sqs ? aws_sqs_queue.cloudtrail_deadletter[0].arn : null]
     principals {
       type        = "AWS"
       identifiers = ["*"]
     }
     condition {
       test     = "ArnEquals"
       variable = "aws:SourceArn"
-      values   = [aws_sns_topic.cloudtrail.arn]
+      values   = [var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : null]
     }
   }
 }
 
 resource "aws_sqs_queue" "cloudtrail" {
+  count = var.enable_sqs ? 1 : 0
   # delay=0 retention=7d max=256k visibity=2h
   name                       = local.name
   delay_seconds              = 0
@@ -51,7 +54,7 @@ resource "aws_sqs_queue" "cloudtrail" {
   visibility_timeout_seconds = 7200
 
   redrive_policy = jsonencode({
-    deadLetterTargetArn = aws_sqs_queue.cloudtrail_deadletter.arn
+    deadLetterTargetArn = var.enable_sqs ? aws_sqs_queue.cloudtrail_deadletter[0].arn : null
     maxReceiveCount     = 100
   })
 
@@ -66,7 +69,8 @@ resource "aws_sqs_queue" "cloudtrail" {
 }
 
 resource "aws_sqs_queue_policy" "cloudtrail_sqs" {
-  queue_url = aws_sqs_queue.cloudtrail.id
+  count     = var.enable_sqs ? 1 : 0
+  queue_url = var.enable_sqs ? aws_sqs_queue.cloudtrail[0].id : null
   policy    = data.aws_iam_policy_document.cloudtrail_sqs.json
 }
 
@@ -76,21 +80,22 @@ data "aws_iam_policy_document" "cloudtrail_sqs" {
     sid       = "AllowSNSSendMessage"
     effect    = "Allow"
     actions   = ["SQS:SendMessage"]
-    resources = [aws_sqs_queue.cloudtrail.arn]
+    resources = [var.enable_sqs ? aws_sqs_queue.cloudtrail[0].arn : null]
     principals {
       type        = "AWS"
       identifiers = ["*"]
     }
     condition {
       test     = "ArnEquals"
       variable = "aws:SourceArn"
-      values   = [aws_sns_topic.cloudtrail.arn]
+      values   = [var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : null]
     }
   }
 }
 
 resource "aws_sns_topic_subscription" "cloudtrail_sqs" {
+  count     = var.enable_sqs && var.enable_sns ? 1 : 0
   protocol  = "sqs"
-  topic_arn = aws_sns_topic.cloudtrail.arn
-  endpoint  = aws_sqs_queue.cloudtrail.arn
+  topic_arn = var.enable_sns ? aws_sns_topic.cloudtrail[0].arn : null
+  endpoint  = var.enable_sqs ? aws_sqs_queue.cloudtrail[0].arn : null
 }