--- #AWSTemplateFormatVersion: "2010-09-09" Description: > This Stack allows you to create up to 6 SNS topics, used to receive notifications from Zabbix AMI. You can Name IT and define if you want to create one IAM user to send the notifications, or just create IAM role to apply on Zabbix Server Parameters: SNS0NotClassified: Type: String Description: Not classified SNS Default: True AllowedValues: - True - False SNS0NotClassifiedName: Type: String Description: Not classified SNS name Default: "NotClassified" SNS1Information: Type: String Description: Information SNS Default: True AllowedValues: - True - False SNS1InformationName: Type: String Description: Information SNS name Default: "Information" SNS2Warning: Type: String Description: Warning SNS Default: True AllowedValues: - True - False SNS2WarningName: Type: String Description: Warning SNS name Default: "Warning" SNS3Average: Type: String Description: Average SNS Default: True AllowedValues: - True - False SNS3AverageName: Type: String Description: Average SNS name Default: "Average" SNS4High: Type: String Description: High SNS Default: True AllowedValues: - True - False SNS4HighName: Type: String Description: High SNS name Default: "High" SNS5Disaster: Type: String Description: Disaster SNS Default: True AllowedValues: - True - False SNS5DisasterName: Type: String Description: Disaster SNS name Default: "Disaster" CreateSNSRole: Type: String Description: Create an IAM role to assign directly on Zabbix server Default: True AllowedValues: - True - False CreateIAMUser: Type: String Description: Create an IAM user to send notifications Default: False AllowedValues: - True - False Conditions: ShouldCreateSNS0: !Equals [!Ref SNS0NotClassified, "true"] ShouldCreateSNS1: !Equals [!Ref SNS1Information, "true"] ShouldCreateSNS2: !Equals [!Ref SNS2Warning, "true"] ShouldCreateSNS3: !Equals [!Ref SNS3Average, "true"] ShouldCreateSNS4: !Equals [!Ref SNS4High, "true"] ShouldCreateSNS5: !Equals [!Ref SNS5Disaster, "true"] ShouldCreateRole: !Equals [!Ref CreateSNSRole, "true"] ShouldCreateUser: !Equals [!Ref CreateIAMUser, "true"] CreateSNS0Policy: !And - !Condition ShouldCreateRole - !Condition ShouldCreateSNS0 CreateSNS1Policy: !And - !Condition ShouldCreateRole - !Condition ShouldCreateSNS1 CreateSNS2Policy: !And - !Condition ShouldCreateRole - !Condition ShouldCreateSNS2 CreateSNS3Policy: !And - !Condition ShouldCreateRole - !Condition ShouldCreateSNS3 CreateSNS4Policy: !And - !Condition ShouldCreateRole - !Condition ShouldCreateSNS4 CreateSNS5Policy: !And - !Condition ShouldCreateRole - !Condition ShouldCreateSNS5 Resources: FirstSNS: Condition: ShouldCreateSNS0 Type: AWS::SNS::Topic Properties: DisplayName: !Join [ "-", [ "Zabbix", !Ref SNS0NotClassifiedName, "SNS" ] ] TopicName: !Join [ "-", [ "Zabbix", !Ref SNS0NotClassifiedName, "SNS" ] ] SecondSNS: Condition: ShouldCreateSNS1 Type: AWS::SNS::Topic Properties: DisplayName: !Join [ "-", [ "Zabbix", !Ref SNS1InformationName, "SNS" ] ] TopicName: !Join [ "-", [ "Zabbix", !Ref SNS1InformationName, "SNS" ] ] ThirdSNS: Condition: ShouldCreateSNS2 Type: AWS::SNS::Topic Properties: DisplayName: !Join [ "-", [ "Zabbix", !Ref SNS2WarningName, "SNS" ] ] TopicName: !Join [ "-", [ "Zabbix", !Ref SNS2WarningName, "SNS" ] ] FourthSNS: Condition: ShouldCreateSNS3 Type: AWS::SNS::Topic Properties: DisplayName: !Join [ "-", [ "Zabbix", !Ref SNS3AverageName, "SNS" ] ] TopicName: !Join [ "-", [ "Zabbix", !Ref SNS3AverageName, "SNS" ] ] FifthSNS: Condition: ShouldCreateSNS4 Type: AWS::SNS::Topic Properties: DisplayName: !Join [ "-", [ "Zabbix", !Ref SNS4HighName, "SNS" ] ] TopicName: !Join [ "-", [ "Zabbix", !Ref SNS4HighName, "SNS" ] ] SixthSNS: Condition: ShouldCreateSNS5 Type: AWS::SNS::Topic Properties: DisplayName: !Join [ "-", [ "Zabbix", !Ref SNS5DisasterName, "SNS" ] ] TopicName: !Join [ "-", [ "Zabbix", !Ref SNS5DisasterName, "SNS" ] ] ZabbixSNSRole: Type: AWS::IAM::Role Properties: Description: Zabbix SNS Role RoleName: ZabbixSNSRole Path: / AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - 'sts:AssumeRole' ZabbixSNSProfile: Type: AWS::IAM::InstanceProfile Condition: ShouldCreateRole DependsOn: ZabbixSNSRole Properties: Path: / Roles: - !Ref ZabbixSNSRole ZabbixSNSSendNotClassifiedPolicy: Type: 'AWS::IAM::Policy' Condition: CreateSNS0Policy Properties: PolicyName: ZabbixSNSSendNotClassifiedPolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - 'sns:Publish' Resource: - !Ref FirstSNS Roles: - !Ref ZabbixSNSRole Users: - Fn::If: - ShouldCreateUser - Ref: ZabbixSendingUser - Ref: AWS::NoValue ZabbixSNSSendInformationPolicy: Type: 'AWS::IAM::Policy' Condition: CreateSNS1Policy Properties: PolicyName: ZabbixSNSSendInformationPolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - 'sns:Publish' Resource: - !Ref SecondSNS Roles: - !Ref ZabbixSNSRole Users: - Fn::If: - ShouldCreateUser - Ref: ZabbixSendingUser - Ref: AWS::NoValue ZabbixSNSSendWarningPolicy: Type: 'AWS::IAM::Policy' Condition: CreateSNS2Policy Properties: PolicyName: ZabbixSNSSendWarningPolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - 'sns:Publish' Resource: - !Ref ThirdSNS Roles: - !Ref ZabbixSNSRole Users: - Fn::If: - ShouldCreateUser - Ref: ZabbixSendingUser - Ref: AWS::NoValue ZabbixSNSSendAveragePolicy: Type: 'AWS::IAM::Policy' Condition: CreateSNS3Policy Properties: PolicyName: ZabbixSNSSendAveragePolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - 'sns:Publish' Resource: - !Ref FourthSNS Roles: - !Ref ZabbixSNSRole Users: - Fn::If: - ShouldCreateUser - Ref: ZabbixSendingUser - Ref: AWS::NoValue ZabbixSNSSendHighPolicy: Type: 'AWS::IAM::Policy' Condition: CreateSNS4Policy Properties: PolicyName: ZabbixSNSSendHighPolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - 'sns:Publish' Resource: - !Ref FifthSNS Roles: - !Ref ZabbixSNSRole Users: - Fn::If: - ShouldCreateUser - Ref: ZabbixSendingUser - Ref: AWS::NoValue ZabbixSNSSendDisasterPolicy: Type: 'AWS::IAM::Policy' Condition: CreateSNS5Policy Properties: PolicyName: ZabbixSNSSendDisasterPolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - 'sns:Publish' Resource: - !Ref SixthSNS Roles: - !Ref ZabbixSNSRole Users: - Fn::If: - ShouldCreateUser - Ref: ZabbixSendingUser - Ref: AWS::NoValue ZabbixSendingUser: Type: AWS::IAM::User Condition: ShouldCreateUser Properties: UserName: ZabbixSendingUser Path: / ZabbixSendingUserAccessKey: Type: AWS::IAM::AccessKey Properties: UserName: Ref: ZabbixSendingUser Status: Active Outputs: FirstSNS: Condition: ShouldCreateSNS0 Value: !Ref FirstSNS SecondSNS: Condition: ShouldCreateSNS1 Value: !Ref SecondSNS ThirdSNS: Condition: ShouldCreateSNS2 Value: !Ref ThirdSNS FourthSNS: Condition: ShouldCreateSNS3 Value: !Ref FourthSNS FifthSNS: Condition: ShouldCreateSNS4 Value: !Ref FifthSNS SixthSNS: Condition: ShouldCreateSNS5 Value: !Ref SixthSNS ZabbixSendingUserAccessKeyId: Condition: ShouldCreateUser Value: !Ref ZabbixSendingUserAccessKey ZabbixSendingUserSecretAccessKey: Condition: ShouldCreateUser Value: !GetAtt ZabbixSendingUserAccessKey.SecretAccessKey