To automate the deployment of the Amazon SNS message archiving and analytics example use case, you can use the following YAML template:
---
AWSTemplateFormatVersion: '2010-09-09'
Description: Template for creating an SNS archiving use case
Resources:
ticketUploadStream:
DependsOn:
- ticketUploadStreamRolePolicy
Type: AWS::KinesisFirehose::DeliveryStream
Properties:
S3DestinationConfiguration:
BucketARN: !Sub 'arn:${AWS::Partition}:s3:::${ticketArchiveBucket}'
BufferingHints:
IntervalInSeconds: 60
SizeInMBs: 1
CompressionFormat: UNCOMPRESSED
RoleARN: !GetAtt ticketUploadStreamRole.Arn
ticketArchiveBucket:
Type: AWS::S3::Bucket
ticketTopic:
Type: AWS::SNS::Topic
ticketPaymentQueue:
Type: AWS::SQS::Queue
ticketFraudQueue:
Type: AWS::SQS::Queue
ticketQueuePolicy:
Type: AWS::SQS::QueuePolicy
Properties:
PolicyDocument:
Statement:
Effect: Allow
Principal:
Service: sns.amazonaws.com
Action:
- sqs:SendMessage
Resource: '*'
Condition:
ArnEquals:
aws:SourceArn: !Ref ticketTopic
Queues:
- !Ref ticketPaymentQueue
- !Ref ticketFraudQueue
ticketUploadStreamSubscription:
Type: AWS::SNS::Subscription
Properties:
TopicArn: !Ref ticketTopic
Endpoint: !GetAtt ticketUploadStream.Arn
Protocol: firehose
SubscriptionRoleArn: !GetAtt ticketUploadStreamSubscriptionRole.Arn
ticketPaymentQueueSubscription:
Type: AWS::SNS::Subscription
Properties:
TopicArn: !Ref ticketTopic
Endpoint: !GetAtt ticketPaymentQueue.Arn
Protocol: sqs
ticketFraudQueueSubscription:
Type: AWS::SNS::Subscription
Properties:
TopicArn: !Ref ticketTopic
Endpoint: !GetAtt ticketFraudQueue.Arn
Protocol: sqs
ticketUploadStreamRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: ''
Effect: Allow
Principal:
Service: firehose.amazonaws.com
Action: sts:AssumeRole
ticketUploadStreamRolePolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: FirehoseticketUploadStreamRolePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- s3:AbortMultipartUpload
- s3:GetBucketLocation
- s3:GetObject
- s3:ListBucket
- s3:ListBucketMultipartUploads
- s3:PutObject
Resource:
- !Sub 'arn:aws:s3:::${ticketArchiveBucket}'
- !Sub 'arn:aws:s3:::${ticketArchiveBucket}/*'
Roles:
- !Ref ticketUploadStreamRole
ticketUploadStreamSubscriptionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- sns.amazonaws.com
Action:
- sts:AssumeRole
Policies:
- PolicyName: SNSKinesisFirehoseAccessPolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Action:
- firehose:DescribeDeliveryStream
- firehose:ListDeliveryStreams
- firehose:ListTagsForDeliveryStream
- firehose:PutRecord
- firehose:PutRecordBatch
Effect: Allow
Resource:
- !GetAtt ticketUploadStream.Arn