Update Terraform cloudposse/sns-topic/aws to v0.20.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/sns-topic/aws (source)	module	minor	0.16.0 -> 0.20.0

---

Release Notes

cloudposse/terraform-aws-sns-topic

v0.20.0

Compare Source

Add fifo suffix, redrive policy, and additional outputs @​nitrocode (#​43)

#### what * [x] Allow periods in sqs fifo queue and sns topic if `fifo_topic` is true * [x] Support `redrive_policy` * [x] Added additional outputs #### why * fifo queues and sns topic require `.fifo` in their names and the default regex in context is stripping out the period #### references * https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic#name * https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue#name * [x] Closes https://github.com/cloudposse/terraform-aws-sns-topic/issues/40 * [x] Closes https://github.com/cloudposse/terraform-aws-sns-topic/issues/42 * [x] Closes https://github.com/cloudposse/terraform-aws-sns-topic/issues/25 #### test

module "sns" {
  source = "git::https://github.com/cloudposse/terraform-aws-sns-topic.git?ref=sqs_queue_allow_periods"

  fifo_topic         = true
  sqs_dlq_enabled    = true
  fifo_queue_enabled = true
}

v0.19.2

Compare Source

🤖 Automatic Updates

Update context.tf @​cloudpossebot (#​37)

#### what This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label` #### why To support all the features of the `context` interface.

v0.19.1

Compare Source

🚀 Enhancements

Delete auto-approve.yml @​3h4x (#​18)

#### what - delete `auto-approve` as test is over

v0.19.0

Compare Source

Add enabled toggle @​nitrocode (#​36)

#### what * Add enabled toggle #### why * Only if enabled=true will this module create resources #### references N/A

v0.18.0

Compare Source

Making Encryption configuration of SNS easier @​azec-pdx (#​34)

#### NOTE: Previously opened and discussed as https://github.com/cloudposse/terraform-aws-sns-topic/pull/32 , but had to open new PR because of the bad upstream fork rebasing (accidentally pointed to another unrelated CP TF module and ruined git history). #### what * I was using `cloudposse/terraform-aws-sns-topic` to deploy SNS Topic and subscriber SQS queues for routing Bounce and Complaint notifications from AWS SES service. AWS SES won't accept SNS Topic as the notifications target unless it has enough permissions for KMS key that is configured for SNS Topic Encryption settings. With module `cloudposse/terraform-aws-sns-topic` using default AWS KMS key `alias/aws/sns`, this is limiting in two ways: 1. It forces users of `cloudposse/terraform-aws-sns-topic` TF module to use encryption even if they don't provide their own KMS key. Users don't have option to deploy SNS Topic with Encryption disabled. 2. Since users are already forced to use SNS Topic Encryption, their only option becomes to configure their own KMS key and pass it to `cloudposse/terraform-aws-sns-topic` module, but then there is additional requirement for users to do more IAM permissions on KMS key to allow AWS SES service access to the key to encrypt messages as they are fanned out to SNS Topic. * This PR makes use of Encryption feature of SNS Topic deployed with `cloudposse/terraform-aws-sns-topic` more configurable in a way that: 1. Users can now easier opt-out from using encryption with feature flag/variable `use_encryption` instead of having to explicitly override `kms_master_key_id` with either `""` (empty string) or `null` value 2. Backward compatibility is preserved (encryption is by default on and if user doesn't override `kms_master_key_id` the default KMS key `alias/aws/sns` is used) 3. If user wants to use custom (their own) KMS key, all they have to do is to set the ID of the KMS key alias in `kms_master_key_id` and use of encryption is implicitly assumed #### why * Business case: mostly described above, to be able to have easier options for this feature when needing SNS Topic **without** Encryption in order to work with other AWS service (SES in this case) - especially since it is all in the same AWS account. * This now makes possible to deploy SNS Topic **without** Encryption by just flipping feature flag:

 module "sns" {
    #source = "git::https://github.com/cloudposse/terraform-aws-sns-topic.git//?ref=tags/<FUTURE_TAG>"
    source   = "git::https://github.com/SkywardIO/terraform-aws-sns-topic.git//?ref=feature/sns-enc-optional"
    name     = module.this.id

    subscribers = var.subscribers
    allowed_aws_services_for_sns_published = var.allowed_aws_services_for_sns_published
    sqs_dlq_enabled = false # Until valid case neeed for this and until CP fixes https://github.com/cloudposse/terraform-aws-sns-topic/blob/master/main.tf#L20
    use_encryption = false
}

references

• N/A?

v0.17.0

Compare Source

Support for FIFO SNS Topics @​azec-pdx (#​35)

#### what * Adds ability to support deploying FIFO - type SNS Topics #### why * Customers might need FIFO SNS Topics with FIFO SQS queues subscribed * This allows them to use module in following way ```terraform module "sns" { source = "git::https://github.com/cloudposse/terraform-aws-sns-topic.git//?ref=tags/"

    fifo_topic                  = var.fifo_topic
    name                        = module.this.id # e.g. mytopic.fifo   
    regex_replace_chars         = var.regex_replace_chars     # e.g. "/[^.a-zA-Z0-9-]/"  - required to prevent removal of '.' char in '.fifo' suffix
    sqs_dlq_enabled             = false # Until valid case neeed for this and until CP fixes https://github.com/cloudposse/terraform-aws-sns-topic/blob/master/main.tf#L20
    subscribers                 = var.subscribers
    content_based_deduplication = var.content_based_deduplication

SNS Topic policies related variables

    sns_topic_policy_json                  = var.sns_topic_policy_json
    allowed_aws_services_for_sns_published = var.allowed_aws_services_for_sns_published
    allowed_iam_arns_for_sns_publish       = var.allowed_iam_arns_for_sns_publish
}

and then upstream to use this as: 
```terraform
 module "my_topic_and_subscribers" {
   source = "../../components/sns_topic_w_subscribers"
 
   environment                 = var.environment
   fifo_topic                  = true # has to be fifo for FIFO SQS queue subscribers (which all are)
   content_based_deduplication = true
   name                        = "my-topic.fifo" # suffix .fifo is required by AWS for this type of SNS Topic
   namespace                   = var.namespace
   regex_replace_chars         = "/[^.a-zA-Z0-9-]/" # required to prevent removal of '.' char in '.fifo' suffix
   region                      = var.region
   subscribers = {
     my_sqs_fifo = {
       endpoint               = module.my_queue_fifo.queue_arn # ARN of the SQS that will be subscribed to SNS topic
       endpoint_auto_confirms = true
       protocol               = "sqs",
       raw_message_delivery   = false
     }
   }
   sns_topic_policy_json = data.aws_iam_policy_document.my_topic_policy_document.json
 }
#### references
* N/A

</details>

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[korenyoni]

/test all

[mergify]

This pull request is now in conflict. Could you fix it @renovate[bot]? 🙏

[mergify]

This pull request is now in conflict. Could you fix it @renovate[bot]? 🙏

[cloudposse-mergebot]

We've automatically approved this PR because the checks from the automated Pull Request have passed.

[cloudposse-mergebot]

We've automatically approved this PR because the checks from the automated Pull Request have passed.