From cb3ec5eed9ac6f3bb3e082e884b2060e91057ebb Mon Sep 17 00:00:00 2001 From: Max Rabin Date: Wed, 20 Aug 2025 17:44:27 +0300 Subject: [PATCH 1/2] Add Region parameter to Notification module --- modules/notification/README.md | 1 + modules/notification/main.tf | 8 ++++++++ modules/notification/variables.tf | 6 ++++++ 3 files changed, 15 insertions(+) diff --git a/modules/notification/README.md b/modules/notification/README.md index 364305b0..19292702 100644 --- a/modules/notification/README.md +++ b/modules/notification/README.md @@ -39,6 +39,7 @@ No modules. |------|-------------|------|---------|:--------:| | [bucket](#input\_bucket) | Name of S3 bucket to use | `string` | `""` | no | | [bucket\_arn](#input\_bucket\_arn) | ARN of S3 bucket to use in policies | `string` | `null` | no | +| [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no | | [create](#input\_create) | Whether to create this resource or not? | `bool` | `true` | no | | [create\_lambda\_permission](#input\_create\_lambda\_permission) | Whether to create Lambda permissions or not? | `bool` | `true` | no | | [create\_sns\_policy](#input\_create\_sns\_policy) | Whether to create a policy for SNS permissions or not? | `bool` | `true` | no | diff --git a/modules/notification/main.tf b/modules/notification/main.tf index 6eb6395a..e05e77df 100644 --- a/modules/notification/main.tf +++ b/modules/notification/main.tf @@ -13,6 +13,8 @@ resource "aws_s3_bucket_notification" "this" { bucket = var.bucket + region = var.region + eventbridge = var.eventbridge dynamic "lambda_function" { 
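Review bot: `region = var.region` on `aws_s3_bucket_notification.this` relies on the resource-level `region` argument, which the AWS provider accepts only from v6.0 onwards, and the diffstat shows no change to a provider version constraint. If the module's `required_providers` block (not part of this patch) still admits older providers, callers on them will get an unsupported-argument error at plan time even when `region` is left as `null`, because the argument is rejected by the schema regardless of its value. Raising the minimum there, e.g. `version = ">= 6.0"`, would make the requirement explicit. The resource body continues outside the hunk.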
@@ -62,6 +64,8 @@ resource "aws_s3_bucket_notification" "this" { resource "aws_lambda_permission" "allow" { for_each = { for k, v in var.lambda_notifications : k => v if var.create_lambda_permission } + region = var.region + statement_id_prefix = "AllowLambdaS3BucketNotification-" action = "lambda:InvokeFunction" function_name = each.value.function_name @@ -110,6 +114,8 @@ data "aws_iam_policy_document" "sqs" { resource "aws_sqs_queue_policy" "allow" { for_each = { for k, v in var.sqs_notifications : k => v if var.create_sqs_policy } + region = var.region + queue_url = try(each.value.queue_id, local.queue_ids[each.key], null) policy = data.aws_iam_policy_document.sqs[each.key].json } @@ -145,6 +151,8 @@ data "aws_iam_policy_document" "sns" { resource "aws_sns_topic_policy" "allow" { for_each = { for k, v in var.sns_notifications : k => v if var.create_sns_policy } + region = var.region + arn = each.value.topic_arn policy = data.aws_iam_policy_document.sns[each.key].json } diff --git a/modules/notification/variables.tf b/modules/notification/variables.tf index a5343687..5aa81a1c 100644 --- a/modules/notification/variables.tf +++ b/modules/notification/variables.tf @@ -22,6 +22,12 @@ variable "create_lambda_permission" { default = true } +variable "region" { + description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration" + type = string + default = null +} + variable "bucket" { description = "Name of S3 bucket to use" type = string From c8894ccfcf92ef7a5c872473b7413ce2ccd973bd Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 20 Aug 2025 17:05:53 +0200 Subject: [PATCH 2/2] Fixed code a bit --- modules/notification/README.md | 2 +- wrappers/notification/main.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/notification/README.md b/modules/notification/README.md index 19292702..99879d28 100644 --- a/modules/notification/README.md +++ b/modules/notification/README.md 
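Review bot: Nothing in these hunks checks that `var.region` agrees with the region of the targets it is applied to. The same value is set on `aws_lambda_permission.allow` here and on `aws_sqs_queue_policy.allow` and `aws_sns_topic_policy.allow` in the next two hunks, while the targets are still named by caller-supplied `function_name`, `queue_id` and `topic_arn` values that can carry their own region. A mismatch would presumably surface only at apply time as a not-found or access error from the wrong regional endpoint, leaving the notification without the resource policy that authorises S3 to deliver to it. A `precondition` comparing the region field of the ARN with `var.region` (skipped when it is `null`) would give a clear error instead; it is sketched below for the SNS policy, needs Terraform 1.2 or later, and the Lambda and SQS resources would need an equivalent check.

```hcl
resource "aws_sns_topic_policy" "allow" {
  # … unchanged: for_each, region, arn, policy …

  lifecycle {
    precondition {
      # Field 3 of an ARN (arn:partition:service:region:account:resource) is the region.
      condition     = var.region == null || split(":", each.value.topic_arn)[3] == var.region
      error_message = "The region in the SNS topic ARN must match var.region."
    }
  }
```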
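Review bot: The description on `variable "region"` says only "the resource(s)", which hides that one value is applied to the bucket notification and to every Lambda permission, SQS queue policy and SNS topic policy the module manages. I would spell that out, for example `description = "Region of the bucket; applied to the notification and to the Lambda, SQS and SNS permissions this module creates. Defaults to the region set in the provider configuration"`. The generated README row would need regenerating to match.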
@@ -39,13 +39,13 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | [bucket](#input\_bucket) | Name of S3 bucket to use | `string` | `""` | no |
 | [bucket\_arn](#input\_bucket\_arn) | ARN of S3 bucket to use in policies | `string` | `null` | no |
-| [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |
 | [create](#input\_create) | Whether to create this resource or not? | `bool` | `true` | no |
 | [create\_lambda\_permission](#input\_create\_lambda\_permission) | Whether to create Lambda permissions or not? | `bool` | `true` | no |
 | [create\_sns\_policy](#input\_create\_sns\_policy) | Whether to create a policy for SNS permissions or not? | `bool` | `true` | no |
 | [create\_sqs\_policy](#input\_create\_sqs\_policy) | Whether to create a policy for SQS permissions or not? | `bool` | `true` | no |
 | [eventbridge](#input\_eventbridge) | Whether to enable Amazon EventBridge notifications | `bool` | `null` | no |
 | [lambda\_notifications](#input\_lambda\_notifications) | Map of S3 bucket notifications to Lambda function | `any` | `{}` | no |
+| [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |
 | [sns\_notifications](#input\_sns\_notifications) | Map of S3 bucket notifications to SNS topic | `any` | `{}` | no |
 | [sqs\_notifications](#input\_sqs\_notifications) | Map of S3 bucket notifications to SQS queue | `any` | `{}` | no |
diff --git a/wrappers/notification/main.tf b/wrappers/notification/main.tf
index 9e54f2db..82032bb5 100644
--- a/wrappers/notification/main.tf
+++ b/wrappers/notification/main.tf
@@ -11,6 +11,7 @@ module "wrapper" {
 create_sqs_policy = try(each.value.create_sqs_policy, var.defaults.create_sqs_policy, true)
 eventbridge = try(each.value.eventbridge, var.defaults.eventbridge, null)
 lambda_notifications = try(each.value.lambda_notifications, var.defaults.lambda_notifications, {})
+ region = try(each.value.region, var.defaults.region, null)
 sns_notifications = try(each.value.sns_notifications, var.defaults.sns_notifications, {})
 sqs_notifications = try(each.value.sqs_notifications, var.defaults.sqs_notifications, {})
 }