configuring budget notif

WorldHealthOrganization · Jan 13, 2025 · 1b2b3e0 · 1b2b3e0
1 parent 89fb265
commit 1b2b3e0
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 0 deletions.
diff --git a/devops/envs/dataart-dev-2025/budget.tf b/devops/envs/dataart-dev-2025/budget.tf
@@ -0,0 +1,16 @@
+resource "aws_budgets_budget" "daily-cost" {
+  # ...
+  budget_type  = "COST"
+  limit_amount = "5"
+  limit_unit   = "USD"
+  time_unit    = "DAILY"
+  #Cost types must be defined for RI budgets because the settings conflict with the defaults
+
+  notification {
+    comparison_operator       = "GREATER_THAN"
+    threshold                 = "100"
+    threshold_type            = "PERCENTAGE"
+    notification_type         = "ACTUAL"
+    subscriber_sns_topic_arns = [resource.aws_sns_topic.step-func-fail[0].arn]
+  }
+}
diff --git a/devops/envs/dataart-dev-2025/kms_key.tf b/devops/envs/dataart-dev-2025/kms_key.tf
@@ -21,6 +21,20 @@ resource "aws_kms_key" "sns_key" {
         ],
         "Resource" : "*",
       },
+      {
+        "Sid" : "Allow_Budgets_for_CMK",
+        "Effect" : "Allow",
+        "Principal" : {
+          "Service" : [
+            "budgets.amazonaws.com"
+          ]
+        },
+        "Action" : [
+          "kms:Decrypt",
+          "kms:GenerateDataKey*",
+        ],
+        "Resource" : "*",
+      },
       {
         Sid    = "Allow administration of the key"
         Effect = "Allow"

diff --git a/devops/envs/dataart-dev-2025/sns.tf b/devops/envs/dataart-dev-2025/sns.tf
@@ -16,6 +16,7 @@ data "aws_iam_policy_document" "sns_topic_policy" {
   policy_id = "${local.prefix}-alarm-chatbot-sns-policy"
 
   statement {
+    sid = "allow access by event bridge"
     actions = [
       "sns:Publish"
     ]
@@ -36,8 +37,27 @@ data "aws_iam_policy_document" "sns_topic_policy" {
       values   = [resource.aws_cloudwatch_event_rule.step-function-failure-events[0].arn]
     }
   }
+  statement {
+    sid = "allow access by budget"
+    actions = [
+      "sns:Publish"
+    ]
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["budgets.amazonaws.com"]
+    }
+
+    resources = [
+      aws_sns_topic.step-func-fail[0].arn,
+    ]
+
+  }
+
 }
 
+
 resource "aws_sns_topic_policy" "default" {
   count  = var.chatbot_notifs_implementation ? 1 : 0
   arn    = aws_sns_topic.step-func-fail[0].arn