FredsCloudMonitor/sample/sqs.tf

#### SQS Queues for Analysis
resource "aws_sqs_queue" "fcm-analysis-EbsEncryptionByDefault-deadletter" {
  name                      = "fcm-analysis-EbsEncryptionByDefault-deadletter"
  visibility_timeout_seconds = 5400 # How long before the item can be retried if something went wrong, should match processing time. Should be at least 6 times the lambda timeout
  delay_seconds             = 0 # Delay before message is delivered. This can be increased if resources take longer to be active.
  max_message_size          = 262144 # How big messages can get. 256KB is the max for SNS and SQS
  message_retention_seconds = 1209600 # Better handle it with 14 days!
  kms_master_key_id         = "alias/fcm"
  depends_on = [aws_kms_alias.FCM-Key]
  kms_data_key_reuse_period_seconds = 300 # keep using the same data key for up to 5 minutes

  tags = {
    Project = "FredsCloudMonitor"
  }
}

resource "aws_sqs_queue" "fcm-analysis-EbsEncryptionByDefault" {
  name                      = "fcm-analysis-EbsEncryptionByDefault"
  visibility_timeout_seconds = 900 # How long before the item can be retried if something went wrong, should match processing time
  delay_seconds             = 0 # Delay before message is delivered. This can be increased if resources take longer to be active.
  max_message_size          = 262144 # How big messages can get. 256KB is the max for SNS and SQS
  message_retention_seconds = 86400 # How long to keep the message
  redrive_policy            = "{\"deadLetterTargetArn\":\"${aws_sqs_queue.fcm-analysis-EbsEncryptionByDefault-deadletter.arn}\",\"maxReceiveCount\":4}" # maxReceiveCount is how many times to attempt processing
  kms_master_key_id         = "alias/fcm"
  depends_on = [aws_kms_alias.FCM-Key]
  kms_data_key_reuse_period_seconds = 300 # keep using the same data key for up to 5 minutes

  tags = {
    Project = "FredsCloudMonitor"
  }
}

resource "aws_sqs_queue_policy" "fcm-analysis-EbsEncryptionByDefault" {
  queue_url = "${aws_sqs_queue.fcm-analysis-EbsEncryptionByDefault.id}"

  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "sqspolicy",
  "Statement": [
    {
      "Sid": "SNSPermissions",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "sqs:SendMessage",
      "Resource": "${aws_sqs_queue.fcm-analysis-EbsEncryptionByDefault.arn}",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": [
            "${aws_sns_topic.fcm-input-DisableEbsEncryptionByDefault.arn}",
            "${aws_sns_topic.fcm-input-EnableEbsEncryptionByDefault.arn}",
            "${aws_sns_topic.fcm-custom-EbsEncryptionByDefault.arn}"
          ]
        }
      }
    }
  ]
}
POLICY
}

resource "aws_sns_topic_subscription" "fcm-analysis-EbsEncryptionByDefault1" {
  topic_arn = "${aws_sns_topic.fcm-input-DisableEbsEncryptionByDefault.arn}"
  protocol  = "sqs"
  endpoint  = "${aws_sqs_queue.fcm-analysis-EbsEncryptionByDefault.arn}"
  raw_message_delivery = true # don't add extra sns metadata
}

resource "aws_sns_topic_subscription" "fcm-analysis-EbsEncryptionByDefault2" {
  topic_arn = "${aws_sns_topic.fcm-input-EnableEbsEncryptionByDefault.arn}"
  protocol  = "sqs"
  endpoint  = "${aws_sqs_queue.fcm-analysis-EbsEncryptionByDefault.arn}"
  raw_message_delivery = true # don't add extra sns metadata
}

resource "aws_sns_topic_subscription" "fcm-analysis-EbsEncryptionByDefault3" {
  topic_arn = "${aws_sns_topic.fcm-custom-EbsEncryptionByDefault.arn}"
  protocol  = "sqs"
  endpoint  = "${aws_sqs_queue.fcm-analysis-EbsEncryptionByDefault.arn}"
  raw_message_delivery = true # don't add extra sns metadata
}

#### SQS Queues for Remediation
resource "aws_sqs_queue" "fcm-remediation-EbsEncryptionByDefault-deadletter" {
  name                      = "fcm-remediation-EbsEncryptionByDefault-deadletter"
  visibility_timeout_seconds = 5400 # How long before the item can be retried if something went wrong, should match processing time. Should be at least 6 times the lambda timeout
  delay_seconds             = 0 # Delay before message is delivered. This can be increased if resources take longer to be active.
  max_message_size          = 262144 # How big messages can get. 256KB is the max for SNS and SQS
  message_retention_seconds = 1209600 # Better handle it with 14 days!
  kms_master_key_id         = "alias/fcm"
  depends_on = [aws_kms_alias.FCM-Key]
  kms_data_key_reuse_period_seconds = 300 # keep using the same data key for up to 5 minutes

  tags = {
    Project = "FredsCloudMonitor"
  }
}

resource "aws_sqs_queue" "fcm-remediation-EbsEncryptionByDefault" {
  name                      = "fcm-remediation-EbsEncryptionByDefault"
  visibility_timeout_seconds = 900 # How long before the item can be retried if something went wrong, should match processing time
  delay_seconds             = 0 # Delay before message is delivered. This can be increased if resources take longer to be active.
  max_message_size          = 262144 # How big messages can get. 256KB is the max for SNS and SQS
  message_retention_seconds = 86400 # How long to keep the message
  redrive_policy            = "{\"deadLetterTargetArn\":\"${aws_sqs_queue.fcm-remediation-EbsEncryptionByDefault-deadletter.arn}\",\"maxReceiveCount\":4}" # maxReceiveCount is how many times to attempt processing
  kms_master_key_id         = "alias/fcm"
  depends_on = [aws_kms_alias.FCM-Key]
  kms_data_key_reuse_period_seconds = 300 # keep using the same data key for up to 5 minutes

  tags = {
    Project = "FredsCloudMonitor"
  }
}

resource "aws_sqs_queue_policy" "fcm-remediation-EbsEncryptionByDefault" {
  queue_url = "${aws_sqs_queue.fcm-remediation-EbsEncryptionByDefault.id}"

  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "sqspolicy",
  "Statement": [
    {
      "Sid": "AllowAnalysisToSend",
      "Effect": "Allow",
      "Principal": {
        "AWS": "${aws_iam_role.fcm-lambda-analysis-EbsEncryptionByDefault.arn}"
      },
      "Action": "sqs:SendMessage",
      "Resource": "${aws_sqs_queue.fcm-remediation-EbsEncryptionByDefault.arn}"
    }
  ]
}
POLICY
}