resource/aws_sns_topic: Add support for delivery status

aws/resource_aws_sns_topic.go

@@ -14,11 +14,22 @@ import (
 
 // Mutable attributes
 var SNSAttributeMap = map[string]string{
-	"arn":             "TopicArn",
-	"display_name":    "DisplayName",
-	"policy":          "Policy",
-	"delivery_policy": "DeliveryPolicy",
-}
+	"arn":                                      "TopicArn",
+	"display_name":                             "DisplayName",
+	"policy":                                   "Policy",
+	"delivery_policy":                          "DeliveryPolicy",
+	"application_success_feedback_role_arn":    "ApplicationSuccessFeedbackRoleArn",
+	"application_success_feedback_sample_rate": "ApplicationSuccessFeedbackSampleRate",
+	"application_failure_feedback_role_arn":    "ApplicationFailureFeedbackRoleArn",
+	"http_success_feedback_role_arn":           "HTTPSuccessFeedbackRoleArn",
+	"http_success_feedback_sample_rate":        "HTTPSuccessFeedbackSampleRate",
+	"http_failure_feedback_role_arn":           "HTTPFailureFeedbackRoleArn",
+	"lambda_success_feedback_role_arn":         "LambdaSuccessFeedbackRoleArn",
+	"lambda_success_feedback_sample_rate":      "LambdaSuccessFeedbackSampleRate",
+	"lambda_failure_feedback_role_arn":         "LambdaFailureFeedbackRoleArn",
+	"sqs_success_feedback_role_arn":            "SQSSuccessFeedbackRoleArn",
+	"sqs_success_feedback_sample_rate":         "SQSSuccessFeedbackSampleRate",
+	"sqs_failure_feedback_role_arn":            "SQSFailureFeedbackRoleArn"}
 
 func resourceAwsSnsTopic() *schema.Resource {
 	return &schema.Resource{
@@ -63,6 +74,58 @@ func resourceAwsSnsTopic() *schema.Resource {
 					return json
 				},
 			},
+			"application_success_feedback_role_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"application_success_feedback_sample_rate": &schema.Schema{
+				Type:         schema.TypeInt,
+				Optional:     true,
+				ValidateFunc: validateIntegerInRange(0, 100),
+			},
+			"application_failure_feedback_role_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"http_success_feedback_role_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"http_success_feedback_sample_rate": &schema.Schema{
+				Type:         schema.TypeInt,
+				Optional:     true,
+				ValidateFunc: validateIntegerInRange(0, 100),
+			},
+			"http_failure_feedback_role_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"lambda_success_feedback_role_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"lambda_success_feedback_sample_rate": &schema.Schema{
+				Type:         schema.TypeInt,
+				Optional:     true,
+				ValidateFunc: validateIntegerInRange(0, 100),
+			},
+			"lambda_failure_feedback_role_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"sqs_success_feedback_role_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"sqs_success_feedback_sample_rate": &schema.Schema{
+				Type:         schema.TypeInt,
+				Optional:     true,
+				ValidateFunc: validateIntegerInRange(0, 100),
+			},
+			"sqs_failure_feedback_role_arn": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 			"arn": &schema.Schema{
 				Type:     schema.TypeString,
 				Computed: true,
@@ -109,7 +172,7 @@ func resourceAwsSnsTopicUpdate(d *schema.ResourceData, meta interface{}) error {
 					req := sns.SetTopicAttributesInput{
 						TopicArn:       aws.String(d.Id()),
 						AttributeName:  aws.String(attrKey),
-						AttributeValue: aws.String(n.(string)),
+						AttributeValue: aws.String(fmt.Sprintf("%v", n)),
 					}
 					conn := meta.(*AWSClient).snsconn
 					// Retry the update in the event of an eventually consistent style of

aws/resource_aws_sns_topic_test.go

@@ -107,6 +107,37 @@ func TestAccAWSSNSTopic_withDeliveryPolicy(t *testing.T) {
 	})
 }
 
+func TestAccAWSSNSTopic_deliveryStatus(t *testing.T) {
+	rName := acctest.RandString(10)
+	arnRegex := regexp.MustCompile("^arn:aws:iam::[0-9]{12}:role/sns-delivery-status-role-")
+	resource.Test(t, resource.TestCase{
+		PreCheck:      func() { testAccPreCheck(t) },
+		IDRefreshName: "aws_sns_topic.test_topic",
+		Providers:     testAccProviders,
+		CheckDestroy:  testAccCheckAWSSNSTopicDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSSNSTopicConfig_deliveryStatus(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSNSTopicExists("aws_sns_topic.test_topic"),
+					resource.TestMatchResourceAttr("aws_sns_topic.test_topic", "application_success_feedback_role_arn", arnRegex),
+					resource.TestCheckResourceAttr("aws_sns_topic.test_topic", "application_success_feedback_sample_rate", "100"),
+					resource.TestMatchResourceAttr("aws_sns_topic.test_topic", "application_failure_feedback_role_arn", arnRegex),
+					resource.TestMatchResourceAttr("aws_sns_topic.test_topic", "lambda_success_feedback_role_arn", arnRegex),
+					resource.TestCheckResourceAttr("aws_sns_topic.test_topic", "lambda_success_feedback_sample_rate", "90"),
+					resource.TestMatchResourceAttr("aws_sns_topic.test_topic", "lambda_failure_feedback_role_arn", arnRegex),
+					resource.TestMatchResourceAttr("aws_sns_topic.test_topic", "http_success_feedback_role_arn", arnRegex),
+					resource.TestCheckResourceAttr("aws_sns_topic.test_topic", "http_success_feedback_sample_rate", "80"),
+					resource.TestMatchResourceAttr("aws_sns_topic.test_topic", "http_failure_feedback_role_arn", arnRegex),
+					resource.TestMatchResourceAttr("aws_sns_topic.test_topic", "sqs_success_feedback_role_arn", arnRegex),
+					resource.TestCheckResourceAttr("aws_sns_topic.test_topic", "sqs_success_feedback_sample_rate", "70"),
+					resource.TestMatchResourceAttr("aws_sns_topic.test_topic", "sqs_failure_feedback_role_arn", arnRegex),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAWSNSTopicHasPolicy(n string, expectedPolicyText string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
@@ -379,3 +410,70 @@ EOF
 }
 `, r)
 }
+
+func testAccAWSSNSTopicConfig_deliveryStatus(r string) string {
+	return fmt.Sprintf(`
+resource "aws_sns_topic" "test_topic" {
+  depends_on                               = ["aws_iam_role_policy.example"]
+  name                                     = "sns-delivery-status-topic-%s"
+  application_success_feedback_role_arn    = "${aws_iam_role.example.arn}"
+  application_success_feedback_sample_rate = 100
+  application_failure_feedback_role_arn    = "${aws_iam_role.example.arn}"
+  lambda_success_feedback_role_arn         = "${aws_iam_role.example.arn}"
+  lambda_success_feedback_sample_rate      = 90
+  lambda_failure_feedback_role_arn         = "${aws_iam_role.example.arn}"
+  http_success_feedback_role_arn           = "${aws_iam_role.example.arn}"
+  http_success_feedback_sample_rate        = 80
+  http_failure_feedback_role_arn           = "${aws_iam_role.example.arn}"
+  sqs_success_feedback_role_arn            = "${aws_iam_role.example.arn}"
+  sqs_success_feedback_sample_rate         = 70
+  sqs_failure_feedback_role_arn            = "${aws_iam_role.example.arn}"
+}
+
+resource "aws_iam_role" "example" {
+  name = "sns-delivery-status-role-%s"
+  path = "/"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "sns.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy" "example" {
+  name = "sns-delivery-status-role-policy-%s"
+  role = "${aws_iam_role.example.id}"
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "logs:CreateLogGroup",
+        "logs:CreateLogStream",
+        "logs:PutLogEvents",
+        "logs:PutMetricFilter",
+        "logs:PutRetentionPolicy"
+      ],
+      "Resource": [
+        "*"
+      ]
+    }
+  ]
+}
+EOF
+}
+`, r, r, r)
+}

website/docs/r/sns_topic.html.markdown

@@ -18,6 +18,10 @@ resource "aws_sns_topic" "user_updates" {
 }
 ```
 
+## Message Delivery Status Arguments
+
+The `<endpoint>_success_feedback_role_arn` and `<endpoint>_failure_feedback_role_arn` arguments are used to give Amazon SNS write access to use CloudWatch Logs on your behalf. The `<endpoint>_success_feedback_sample_rate` argument is for specifying the sample rate percentage (0-100) of successfully delivered messages. After you configure the  `<endpoint>_failure_feedback_role_arn` argument, then all failed message deliveries generate CloudWatch Logs.
+
 ## Argument Reference
 
 The following arguments are supported:
@@ -26,6 +30,18 @@ The following arguments are supported:
 * `display_name` - (Optional) The display name for the SNS topic
 * `policy` - (Optional) The fully-formed AWS policy as JSON
 * `delivery_policy` - (Optional) The SNS delivery policy
+* `application_success_feedback_role_arn` - (Optional) The IAM role permitted to receive success feedback for this topic
+* `application_success_feedback_sample_rate` - (Optional) Percentage of success to sample
+* `application_failure_feedback_role_arn` - (Optional) IAM role for failure feedback
+* `http_success_feedback_role_arn` - (Optional) The IAM role permitted to receive success feedback for this topic
+* `http_success_feedback_sample_rate` - (Optional) Percentage of success to sample
+* `http_failure_feedback_role_arn` - (Optional) IAM role for failure feedback
+* `lambda_success_feedback_role_arn` - (Optional) The IAM role permitted to receive success feedback for this topic
+* `lambda_success_feedback_sample_rate` - (Optional) Percentage of success to sample
+* `lambda_failure_feedback_role_arn` - (Optional) IAM role for failure feedback
+* `sqs_success_feedback_role_arn` - (Optional) The IAM role permitted to receive success feedback for this topic
+* `sqs_success_feedback_sample_rate` - (Optional) Percentage of success to sample
+* `sqs_failure_feedback_role_arn` - (Optional) IAM role for failure feedback
 
 ## Attributes Reference