# General notification topic, named "<project>-notifications-<environment>".
resource "aws_sns_topic" "notifications" {
  name = "${var.project}-notifications-${var.environment}"

  # Server-side encryption at rest. local.kms_key_arn is defined outside this view.
  # NOTE(review): with SSE enabled, publishers also need kms:GenerateDataKey* and
  # kms:Decrypt on this key. If AWS services (for example CloudWatch alarms) publish
  # here, the key must be a customer-managed key whose key policy admits that
  # service principal. Confirm against the key policy.
  kms_master_key_id = local.kms_key_arn

  tags = local.tags
}

# Resource policy for the notifications topic. Attaching a policy replaces the
# default policy that SNS creates for the topic.
resource "aws_sns_topic_policy" "notifications" {
  arn = aws_sns_topic.notifications.arn

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # NOTE(review): despite the Sid, this is an Allow with no Condition and no
        # accompanying Deny, so it grants sns:Publish rather than restricting it.
        Sid    = "RestrictPublish"
        Effect = "Allow"

        # A bare account ID is shorthand for the account root principal, i.e. the
        # grant is to the owning account as a whole, not to a specific role or user.
        Principal = {
          AWS = data.aws_caller_identity.current.account_id
        }

        Action   = "sns:Publish"
        Resource = aws_sns_topic.notifications.arn
      }
      # NOTE(review): no statement here denies requests where aws:SecureTransport
      # is false. Consider whether TLS-only access should be enforced on this topic.
    ]
  })
}

# Security alert topic, named "<project>-security-alerts-<environment>", encrypted
# with the same key as the notifications topic.
# NOTE(review): no aws_sns_topic_policy for this topic is visible in this section.
# If none exists elsewhere, the SNS default (owner-account-only) policy applies.
# Verify that this matches the intended set of alert publishers.
resource "aws_sns_topic" "security_alerts" {
  name              = "${var.project}-security-alerts-${var.environment}"
  kms_master_key_id = local.kms_key_arn
  tags              = local.tags
}