Allow configuration of created SNS topic #90

Closed
reisingerf opened this issue Mar 25, 2024 · 7 comments · Fixed by #93
Labels
enhancement New feature or request

Comments

@reisingerf

Following from the use case described in #89 we'd like to enforceSSL on SNS topics.
We can't see a way to do this with the current code.

@EYssel
Owner

EYssel commented Mar 25, 2024

This is great feedback!

Keep it coming.

I will get on these issues as soon as I can.

@EYssel EYssel self-assigned this Mar 25, 2024
@EYssel
Owner

EYssel commented Mar 25, 2024

Unfortunately the enforceSSL flag on the SNS Topic was only added in a recent release of aws-cdk-lib.

Currently a decision is made to keep the version as low as possible to provide support for as many users as possible.

See issue below where it was merged into aws-cdk-lib:
aws/aws-cdk#29144

What I am working on now is the older solution where you provide a topic policy, which I believe provides the same result.

This will be exposed as an optional topicPolicy property to alleviate the issue.

I will add a new issue in the backlog with it blocked by the version.

See below:

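import * as iam from 'aws-cdk-lib/aws-iam';
import * as sns from 'aws-cdk-lib/aws-sns';

// Runs inside a Stack or Construct, where `this` is the construct scope.
const topic = new sns.Topic(this, 'Topic');

// Resource policy document that lets the S3 service publish to the topic.
const policyDocument = new iam.PolicyDocument({
  assignSids: true,
  statements: [
    new iam.PolicyStatement({
      actions: ["sns:Publish"],
      principals: [new iam.ServicePrincipal('s3.amazonaws.com')],
      resources: [topic.topicArn],
    }),
  ],
});

// enforceSSL: enforce encryption of data in transit when publishing to the topic.
const topicPolicy = new sns.TopicPolicy(this, 'Policy', {
  topics: [topic],
  policyDocument,
  enforceSSL: true,
});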

Source: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sns-readme.html#enforce-encryption-of-data-in-transit-when-publishing-to-a-topic

2nd option in the list.

The PR for this will be opened soon.

@EYssel
Owner

EYssel commented Mar 25, 2024

After further investigation this solution will not work, as the enforceSSL is also not yet supported in the aws-cdk-lib@2.60.0 which this project is using.

const topicPolicy = new sns.TopicPolicy(this, 'Policy', {
  topics: [topic],
  policyDocument,
  enforceSSL: true, // <<<<<< NOT supported in `aws-cdk-lib@2.60.0`
});

@EYssel
Owner

EYssel commented Mar 25, 2024

Reopened in a Blocked state.

This issue is blocked due to the enforceSSL flag not being available in the version of aws-cdk-lib (2.60.0) being used as of the writing of this message.
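
Added example, not part of this thread or of the project's code: whether a topic enforces TLS can be verified on its resource policy, whichever aws-cdk-lib version synthesized it. The TypeScript below builds the Deny statement on aws:SecureTransport in the shape AWS documents for TLS-only publishing and checks a policy document for it; the topic ARN, the type names and the function names are constructed for illustration.

```typescript
// Added example: does an SNS topic policy reject publishes made without TLS?
type OneOrMany = string | string[];
interface Statement {
  Effect: "Allow" | "Deny";
  Principal: "*" | Record<string, OneOrMany>;
  Action: OneOrMany;
  Resource: OneOrMany;
  Condition?: Record<string, Record<string, OneOrMany>>;
}
interface PolicyDocument { Version: string; Statement: Statement[] }

const asList = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);

// Deny statement in the shape AWS documents for TLS-only publishing.
function denyInsecurePublish(topicArn: string): Statement {
  return {
    Effect: "Deny",
    Principal: "*",
    Action: "sns:Publish",
    Resource: topicArn,
    Condition: { Bool: { "aws:SecureTransport": "false" } },
  };
}

// True when a statement denies sns:Publish on topicArn to every principal
// whenever aws:SecureTransport is false. Simplification: no ARN wildcards.
function enforcesTls(policy: PolicyDocument, topicArn: string): boolean {
  return policy.Statement.some((s) => {
    const everyone = s.Principal === "*" || asList(s.Principal.AWS ?? []).includes("*");
    const publish = asList(s.Action).some((a) =>
      ["sns:publish", "sns:*", "*"].includes(a.toLowerCase()));
    const onTopic = asList(s.Resource).some((r) => r === topicArn || r === "*");
    const nonTls = Object.entries(s.Condition?.Bool ?? {}).some(([k, v]) =>
      k.toLowerCase() === "aws:securetransport" && asList(v).every((x) => x === "false"));
    return s.Effect === "Deny" && everyone && publish && onTopic && nonTls;
  });
}

// Constructed sample: the S3 publish grant from the thread, as policy JSON.
const TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:example-topic";
const allowS3: Statement = {
  Effect: "Allow",
  Principal: { Service: "s3.amazonaws.com" },
  Action: "sns:Publish",
  Resource: TOPIC_ARN,
};
const withoutTls: PolicyDocument = { Version: "2012-10-17", Statement: [allowS3] };
const withTls: PolicyDocument = { ...withoutTls, Statement: [allowS3, denyInsecurePublish(TOPIC_ARN)] };
```

The same check can be run over the policy in a synthesized template or over the Policy attribute returned for a deployed topic.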

@reisingerf
Author

Could you support an existing Topic instead of creating a new one?
Then the topic could be created/configured however the user wants.
This may also solve the issue I mentioned in #91.

@EYssel
Owner

EYssel commented Mar 26, 2024

This would be possible.

I will create a new issue then and close this one.

@EYssel
Owner

EYssel commented Mar 26, 2024

@reisingerf

I hope your issue is now resolved.

Thank you very much for the feedback.

Feel free to reach out if you have any questions.

You are also welcome to contribute if you would like to do so!

Projects
Status: Done
2 participants