clear-skies-aws 2.0.1__py3-none-any.whl → 2.0.3__py3-none-any.whl

{clear_skies_aws-2.0.1.dist-info → clear_skies_aws-2.0.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: clear-skies-aws
-Version: 2.0.1
+Version: 2.0.3
 Summary: clearskies bindings for working in AWS
 Project-URL: Repository, https://github.com/clearskies-py/clearskies-aws
 Project-URL: Issues, https://github.com/clearskies-py/clearskies-aws/issues
@@ -16,7 +16,7 @@ Classifier: License :: OSI Approved :: MIT License
 Classifier: Programming Language :: Python :: 3
 Requires-Python: <4.0,>=3.11
 Requires-Dist: boto3<2.0.0,>=1.26.148
-Requires-Dist: clear-skies<3.0.0,>=2.0.2
+Requires-Dist: clear-skies<3.0.0,>=2.0.20
 Requires-Dist: types-boto3[dynamodb,sns,sqs]<2.0.0,>=1.38.13
 Provides-Extra: akeyless
 Requires-Dist: akeyless-cloud-id<0.5.0,>=0.2.3; extra == 'akeyless'

clear_skies_aws-2.0.3.dist-info/RECORD

@@ -0,0 +1,63 @@
+clearskies_aws/__init__.py,sha256=-vmIX17AJIxy3-2CO4iXofUcgIUAckfHfdrkHtkya8g,368
+clearskies_aws/actions/__init__.py,sha256=YsIi3ZTdByu4R7I77uOAXDE5hzB31J_tRrIoTxe_bjo,371
+clearskies_aws/actions/action_aws.py,sha256=JMogBFIrN72h5oBQLbyMy0LmfVLrqvWCYLQDml1qO4M,4674
+clearskies_aws/actions/assume_role.py,sha256=XNxbVju460aBMS8NQhY80eoNVQgZRJ6-OydsNOx3neA,4319
+clearskies_aws/actions/ses.py,sha256=Cu8USID8vy2IZC6sFOIQRzv8a0LCMvYG15yn0l-fl5g,8431
+clearskies_aws/actions/sns.py,sha256=YS1TbEwtU-0lDbjG2HyTBs2J-ML5OL3ModAiGTMeK-c,2205
+clearskies_aws/actions/sqs.py,sha256=r0z8njU87n09UgAq3l34JuNIbaBE85D_z8IE6ciIs9Q,3359
+clearskies_aws/actions/step_function.py,sha256=Y6tGbQJIAD_IwV9ohwYfuv3vqtryTwpFTNGUFgdj_DQ,2689
+clearskies_aws/backends/__init__.py,sha256=LgMNrf2yD9_PZBGbfs3yQGWM0NelSwk9GO73NfGwc44,587
+clearskies_aws/backends/backend.py,sha256=WpsoT0pZOdilvtOkbiNtk6DoOEzmjyWcCDfUCWOlToc,4316
+clearskies_aws/backends/dynamo_db_backend.py,sha256=cTlbSpMiJ-0YILeHRrMZ6u4blRl_76hmemZZO9BwNN4,29396
+clearskies_aws/backends/dynamo_db_condition_parser.py,sha256=OipIlFpcfS2GQiGpge6ZFX4NZNfNtHF87qi9g3yZgIU,12622
+clearskies_aws/backends/dynamo_db_parti_ql_backend.py,sha256=x1pLNTUsTjCxi1SDryr9_uhL-AQJS7ksP5bvQpnhaC8,46081
+clearskies_aws/backends/sqs_backend.py,sha256=kHTzgBwpYzV31UcGaoSUcC_7eZEwm-GsCHvXFM1OLT0,2152
+clearskies_aws/configs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+clearskies_aws/contexts/__init__.py,sha256=kBLUlkpIp88n5RgbE9gVi4rDnJou81vCE5g_aiv2v8Y,717
+clearskies_aws/contexts/cli_web_socket_mock.py,sha256=XjsFcx0YlQqjb9Hh8q2NUW7T2Exu7_FHx9v_Am0Uq0g,784
+clearskies_aws/contexts/lambda_alb.py,sha256=hNMWYePN_moC4waXdydAp7dJkGpSowxDZZzU39Sxc7I,3426
+clearskies_aws/contexts/lambda_api_gateway.py,sha256=HWH-CAX_aYiDhQr8rBhR5TW99-wx2ODsyI_dqGJkcdw,3354
+clearskies_aws/contexts/lambda_api_gateway_web_socket.py,sha256=gO0arcveIbvkCxrqjk8piVwcymuw_pgHwsSfdfElyWU,4583
+clearskies_aws/contexts/lambda_invoke.py,sha256=Ouns3zIw0G1aCuB0yVS91PgNqFVyqT3Oe6NcDgaEcvY,4872
+clearskies_aws/contexts/lambda_sns.py,sha256=_TyPqRWosfaJzreYGNabvR-XTLYYO4eVWMVINSIY-OE,4129
+clearskies_aws/contexts/lambda_sqs_standard.py,sha256=uzENeXJaWsZoUxves8IXo8wFrcub_viQSKF9fmmPPvE,5293
+clearskies_aws/di/__init__.py,sha256=pLHSIKxS1oELOgttRuwM0yXdJRxjZKXQ6tPxme2db0U,222
+clearskies_aws/di/aws_additional_config_auto_import.py,sha256=qc9AUlFdF9jhAzS99esyvgY1MiW7mLz45fATK7Yp0rg,1271
+clearskies_aws/di/inject/__init__.py,sha256=5_x5_BBQwC6J4k5YLdTm1DfIDM-95zXz1L5a1nMrlrY,186
+clearskies_aws/di/inject/boto3.py,sha256=7qcn5N-RnUKiCd1U31JAjQHF6NDudS4KyBLT0krUD-Y,404
+clearskies_aws/di/inject/boto3_session.py,sha256=11UYHz5kgrrx5lawoYaOFBm-QIoa45YUCMAOn4gT8Jo,383
+clearskies_aws/di/inject/parameter_store.py,sha256=g0uAVwQEywLO9bCcYLbDKuyYnYgVyrfcYsOBJWYGads,475
+clearskies_aws/endpoints/__init__.py,sha256=OUL_nhtuNs62BvQeVtC9xP_e9Hs_-qjANvb81vdLdrc,61
+clearskies_aws/endpoints/secrets_manager_rotation.py,sha256=wLJjid_K09rXGEd_MIgoHP84im4_Eo2m_lwAxn36Jf8,7763
+clearskies_aws/endpoints/simple_body_routing.py,sha256=B3fnfxUEMuNpzc26Pzly6618DFU9fpaCk8KhTGSaptE,1181
+clearskies_aws/input_outputs/__init__.py,sha256=RTDFwhPWZ2S0tZQiIPH0Tkj2xF-9qBjZte_CA2cmGt8,743
+clearskies_aws/input_outputs/cli_web_socket_mock.py,sha256=cp0MaJjVnsXE1rx5K44lpN9uHKo3MOAsNxVQ3AsJOi4,547
+clearskies_aws/input_outputs/lambda_alb.py,sha256=iYooG5AlkrQQgzSt304A5_u_UhuqYh-9PeLvFdGM_Eg,2013
+clearskies_aws/input_outputs/lambda_api_gateway.py,sha256=n5XiaxmaFKJ9wMQcNQwizpjcA-L_bdLk1aUk-QyO58w,4672
+clearskies_aws/input_outputs/lambda_api_gateway_web_socket.py,sha256=B7LIXI_9HpquTtUuPVnb7aH1agJt9qTWiISWiNlobdo,2926
+clearskies_aws/input_outputs/lambda_input_output.py,sha256=nJza0TFdAYOHdLvq6eFDW-TobpeF3EzuIsW9rdhrj3U,2819
+clearskies_aws/input_outputs/lambda_invoke.py,sha256=9TvtxVn2MYxUq9luZ-o0DMboFulA5ff-G8RFo3_x-nA,2861
+clearskies_aws/input_outputs/lambda_sns.py,sha256=nPvLxi5EUmgSeDYxFHnosG9mEzVKjt_mOFJvjsb1gQ4,3084
+clearskies_aws/input_outputs/lambda_sqs_standard.py,sha256=rtOH75SKuT4ByOn4tfgDvvLog0IZVaZUh8zQ_E4Yygw,2945
+clearskies_aws/mocks/__init__.py,sha256=mn764gINN667tYoJfnsM6HjAAhCsO_kZ6E-fUwdLY50,22
+clearskies_aws/mocks/actions/__init__.py,sha256=to1r8B365Et2PRVfUWWnJGt7Hdr8vwwQuNyZvTSTP6g,152
+clearskies_aws/mocks/actions/ses.py,sha256=KsII9ggU364BQoxgHfO2rxi6tjVsdnwJyMhtclOhWLQ,998
+clearskies_aws/mocks/actions/sns.py,sha256=yGY3V0_htOZ3y8VTLdznoMSUQZvnjulQbrR5z_-0fXQ,706
+clearskies_aws/mocks/actions/sqs.py,sha256=y0Vq7IMbjlfT5JMNHfbPsq9XVZhUF-G0kdXzQnPzyUA,710
+clearskies_aws/mocks/actions/step_function.py,sha256=ENEVy8Ai3vPymbQre5aWa5z2McBjlnopfsLxdO7oEbc,937
+clearskies_aws/models/__init__.py,sha256=tAU5cPGRSzSClNVRCBxzwlBq6eZO8fftuI3bG1jEyVQ,87
+clearskies_aws/models/web_socket_connection_model.py,sha256=5M1qfQHKuWMYPUDkwT48QPo2ROey7koizvWLfapsfow,7492
+clearskies_aws/secrets/__init__.py,sha256=0mqYja2ETBHJh4b3jgRhhJV1uGdZc9S7cUvcV5QByPs,445
+clearskies_aws/secrets/akeyless_with_ssm_cache.py,sha256=32HUS1KQ5F6Fu70HDtojqDL7VZvP_YDgbWLTTmNJvPA,2073
+clearskies_aws/secrets/parameter_store.py,sha256=nMpkbUnxHGcCoMD5T-weCS13f1RZA7ZHl24O7qXaZLE,1882
+clearskies_aws/secrets/secrets.py,sha256=aDMPj-tuXdRhh8YKMnsJe9V_VLrD8Cru-xUKs8cyDIY,485
+clearskies_aws/secrets/secrets_manager.py,sha256=hK10lVmEFJltTv7h2AkYR3ySCVXx1JVy56jWU1hyYso,3708
+clearskies_aws/secrets/additional_configs/__init__.py,sha256=0NFOMVod8tte_K0Jq1Qf7_DDBvp6aEE4wF4hddQaW8w,1927
+clearskies_aws/secrets/additional_configs/iam_db_auth.py,sha256=PwyiLaacpRfhBKzQBdvGWHUYf5Ymth1sG2ly7Z6RoR0,1238
+clearskies_aws/secrets/additional_configs/iam_db_auth_with_ssm.py,sha256=ABY29X-YvrE6vvNo6kVdf4DqyRNq5cFR5SfK7MNkltE,3463
+clearskies_aws/secrets/additional_configs/mysql_connection_dynamic_producer_via_ssh_cert_bastion.py,sha256=mLaplwvJLSbGh6oXgdOKL9Mv-6hLv5OUYCfEwHbHvLE,3700
+clearskies_aws/secrets/additional_configs/mysql_connection_dynamic_producer_via_ssm_bastion.py,sha256=2VHOwto4I9gBwrpd2HGpL-Wr0T2S-jFjUhe2Ib8hNJ8,6596
+clear_skies_aws-2.0.3.dist-info/METADATA,sha256=ZQj_x9m1wlgaf4SH_gu1AJiGiykQzDjdnBRLOgh9Q1Y,8973
+clear_skies_aws-2.0.3.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+clear_skies_aws-2.0.3.dist-info/licenses/LICENSE,sha256=MkEX8JF8kZxdyBpTTcB0YTd-xZpWnHvbRlw-pQh8u58,1069
+clear_skies_aws-2.0.3.dist-info/RECORD,,

{clear_skies_aws-2.0.1.dist-info → clear_skies_aws-2.0.3.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: hatchling 1.27.0
+Generator: hatchling 1.28.0
 Root-Is-Purelib: true
 Tag: py3-none-any

clearskies_aws/__init__.py

@@ -0,0 +1,27 @@
+from __future__ import annotations
+
+from clearskies_aws import (
+    actions,
+    backends,
+    contexts,
+    di,
+    endpoints,
+    handlers,
+    input_outputs,
+    mocks,
+    models,
+    secrets,
+)
+
+__all__ = [
+    "actions",
+    "backends",
+    "contexts",
+    "di",
+    "endpoints",
+    "handlers",
+    "input_outputs",
+    "mocks",
+    "models",
+    "secrets",
+]

clearskies_aws/actions/__init__.py

@@ -0,0 +1,15 @@
+from __future__ import annotations
+
+from clearskies_aws.actions.assume_role import AssumeRole
+from clearskies_aws.actions.ses import SES
+from clearskies_aws.actions.sns import SNS
+from clearskies_aws.actions.sqs import SQS
+from clearskies_aws.actions.step_function import StepFunction
+
+__all__ = [
+    "AssumeRole",
+    "SES",
+    "SNS",
+    "SQS",
+    "StepFunction",
+]

clearskies_aws/actions/action_aws.py

@@ -0,0 +1,135 @@
+from __future__ import annotations
+
+import json
+import logging
+from abc import ABC
+from collections import OrderedDict
+from types import ModuleType
+from typing import Callable, Generic, TypeVar
+
+from botocore.client import BaseClient
+from botocore.exceptions import ClientError
+from clearskies.action import Action
+from clearskies.configs import Boolean, String
+from clearskies.configs import Callable as CallableConfig
+from clearskies.configurable import Configurable
+from clearskies.decorators import parameters_to_properties
+from clearskies.di.inject import Di, Environment
+from clearskies.di.injectable_properties import InjectableProperties
+from clearskies.functional import string
+from clearskies.model import Model
+
+from clearskies_aws.di import inject
+
+from .assume_role import AssumeRole
+
+ClientType = TypeVar("ClientType", bound=BaseClient)
+
+
+class ActionAws(Generic[ClientType], Action, Configurable, InjectableProperties):
+    logging = logging.getLogger(__name__)
+    boto3 = inject.Boto3()
+    environment = Environment()
+    di = Di()
+
+    client: ClientType
+
+    service_name = String(required=True)
+
+    message_callable = CallableConfig(required=False, default=None)
+
+    when = CallableConfig(required=False, default=None)
+
+    assume_role: AssumeRole | None = None
+
+    region = String(required=False)
+
+    can_cache = Boolean(default=True)
+
+    @parameters_to_properties
+    def __init__(
+        self,
+        service_name: str,
+        message_callable: Callable | None = None,
+        when: Callable | None = None,
+        assume_role: AssumeRole | None = None,
+        region: str | None = None,
+    ) -> None:
+        """Set up the AWS action."""
+
+    # def configure(self, **kwargs):
+    #     """Configure the action with additional parameters."""
+    #     # Finalize configuration properties from Configurable
+    #     Configurable.finalize_and_validate_configuration(self)
+
+    #     # Handle any additional kwargs by setting them as attributes
+    #     for key, value in kwargs.items():
+    #         if hasattr(self, key):
+    #             setattr(self, key, value)
+
+    def __call__(self, model: Model) -> None:
+        """Send a notification as configured."""
+        if self.when and not self.di.call_function(self.when, model=model):
+            return
+
+        try:
+            client = self._get_client()
+            self._execute_action(client, model)
+        except ClientError as e:
+            self.logging.exception(f"Failed to retrieve client for {self.__class__.__name__} action.")
+            raise e
+
+    def _get_client(self) -> ClientType:
+        """Retrieve the boto3 client."""
+        if hasattr(self, "client") and self.client and self.can_cache:
+            return self.client
+
+        if self.assume_role:
+            boto3 = self.assume_role(self.boto3)
+        else:
+            boto3 = self.boto3
+
+        if not self.region:
+            self.region = self.default_region()
+        if self.region:
+            client = boto3.client(self.service_name, region_name=self.region)
+        else:
+            client = boto3.client(self.service_name)
+
+        if self.can_cache:
+            self.client = client
+        return client
+
+    def default_region(self):
+        region = self.environment.get("AWS_REGION", silent=True)
+        if region:
+            return region
+        region = self.environment.get("DEFAULT_AWS_REGION", silent=True)
+        if region:
+            return region
+        return None
+
+    def _execute_action(self, client: ClientType, model: Model) -> None:
+        """Run the action."""
+        pass
+
+    def get_message_body(self, model: Model) -> str:
+        """Retrieve the message for the action."""
+        if self.message_callable:
+            result = self.di.call_function(self.message_callable, model=model)
+            if isinstance(result, dict) or isinstance(result, list):
+                return json.dumps(result, default=string.datetime_to_iso)
+            if not isinstance(result, str):
+                callable_name = getattr(self.message_callable, "__name__", str(self.message_callable))
+                raise TypeError(
+                    f"The return value from the message callable for the {__name__} action must be a string, dictionary, or list. I received a "
+                    + f"{type(result)} after calling '{callable_name}'"
+                )
+            return result
+
+        model_data = OrderedDict()
+        for column_name, column in model.get_columns().items():
+            if not column.is_readable:
+                continue
+            model_data.update(column.to_json(model))
+        return json.dumps(model_data, default=string.datetime_to_iso)

clearskies_aws/actions/assume_role.py

@@ -0,0 +1,115 @@
+from __future__ import annotations
+
+from types import ModuleType
+
+
+class AssumeRole:
+    """
+    Used by the various actions if you need to assume a role before making an AWS call.
+
+    Note that, in all cases, this class and the actions assume that you already have AWS credentials
+    properly configured/findable by boto3 in the standard way.  If you just have static IAM credentials
+    that you are trying to use... well, you can do that with some undocumented hackery, but that's not
+    really the goal for any of these classes.
+
+    Example:
+        Here's a basic usage example with an SQS action on a model trigger::
+
+            class User(clearskies.Model):
+                def __init__(self, memory_backend, columns):
+                    super().__init__(memory_backend, columns)
+
+                def columns_configuration(self):
+                    return OrderedDict(
+                        [
+                            clearskies.column_types.string(
+                                "name",
+                                on_change=[
+                                    clearskies_aws.actions.sqs(
+                                        queue_url="https://queue.url.example.aws.com",
+                                        assume_role=clearskies_aws.actions.assume_role(
+                                            role_arn="arn:aws:iam:role/name",
+                                            external_id="12345",
+                                        ),
+                                    )
+                                ],
+                            ),
+                        ]
+                    )
+
+    Example:
+        Here's a more complicated example with a double-assumme-role to show how to combine them::
+
+            first_assume_role = clearskies_aws.actions.assume_role(
+                role_arn="arn:aws:123456789012:iam:role/name",
+                external_id="12345",
+            )
+            final_assume_role = clearskies_aws.actions.assume_role(
+                role_arn="arn:aws:210987654321:iam:role/name-2",
+                external_id="54321",
+                source=first_assume_role,
+            )
+
+
+            class User(clearskies.Model):
+                def __init__(self, memory_backend, columns):
+                    super().__init__(memory_backend, columns)
+
+                def columns_configuration(self):
+                    return OrderedDict(
+                        [
+                            clearskies.column_types.string(
+                                "name",
+                                on_change=[
+                                    clearskies_aws.actions.sqs(
+                                        queue_url="https://queue.url.example.aws.com",
+                                        assume_role=final_assume_role,
+                                    )
+                                ],
+                            ),
+                        ]
+                    )
+
+    """
+
+    role_arn = ""
+    external_id = ""
+    role_session_name = ""
+    duration = 3600
+    source: AssumeRole | None = None
+
+    def __init__(
+        self,
+        role_arn: str,
+        external_id: str = "",
+        role_session_name: str = "",
+        duration: int = 3600,
+        source: AssumeRole | None = None,
+    ):
+        """Assume a role."""
+        self.role_arn = role_arn
+        self.external_id = external_id
+        self.role_session_name = role_session_name
+        self.duration = duration
+        self.source = source
+
+    def __call__(self, boto3: ModuleType) -> ModuleType:
+        # chaining!
+        if self.source:
+            boto3 = self.source(boto3)
+
+        calling_params = {
+            "RoleArn": self.role_arn,
+            "RoleSessionName": self.role_session_name if self.role_session_name else "clearkies-aws",
+            "DurationSeconds": self.duration,
+        }
+        if self.external_id:
+            calling_params["ExternalId"] = self.external_id
+        credentials = boto3.client("sts").assume_role(**calling_params)["Credentials"]
+
+        # now let's make a new session using those
+        return boto3.Session(
+            aws_access_key_id=credentials["AccessKeyId"],
+            aws_secret_access_key=credentials["SecretAccessKey"],
+            aws_session_token=credentials["SessionToken"],
+        )

clearskies_aws/actions/ses.py

@@ -0,0 +1,203 @@
+from __future__ import annotations
+
+import datetime
+from typing import TYPE_CHECKING, Any, Callable
+
+import clearskies
+import jinja2
+from clearskies import Model
+from clearskies.configs import Any as AnyConfig
+from clearskies.configs import Email, EmailOrEmailListOrCallable, String
+from clearskies.decorators import parameters_to_properties
+from types_boto3_ses import SESClient
+
+from clearskies_aws.actions import action_aws
+
+if TYPE_CHECKING:
+    from clearskies_aws.actions import AssumeRole
+
+
+class SES(action_aws.ActionAws[SESClient]):
+    sender = Email(required=True)
+    to = EmailOrEmailListOrCallable(required=False)
+    cc = EmailOrEmailListOrCallable(required=False)
+    bcc = EmailOrEmailListOrCallable(required=False)
+    subject = String(required=False)
+    message = String(required=False)
+    subject_template = AnyConfig(required=False)
+    message_template = AnyConfig(required=False)
+    subject_template_file = String(required=False)
+    message_template_file = String(required=False)
+    dependencies_for_template: list[Any] = []
+
+    destinations: dict[str, list[str | Callable]] = {
+        "to": [],
+        "cc": [],
+        "bcc": [],
+    }
+
+    @parameters_to_properties
+    def __init__(
+        self,
+        sender: str,
+        to: list | str | Callable | None = None,
+        cc: list | str | Callable | None = None,
+        bcc: list | str | Callable | None = None,
+        subject: str | None = None,
+        message: str | None = None,
+        subject_template: jinja2.Template | None = None,
+        message_template: jinja2.Template | None = None,
+        subject_template_file: str | None = None,
+        message_template_file: str | None = None,
+        assume_role: AssumeRole | None = None,
+        dependencies_for_template: list[Any] = [],
+        when: Callable | None = None,
+    ) -> None:
+        """Configure the rules for this email notification."""
+        super().__init__(service_name="ses", assume_role=assume_role, when=when)
+
+    def configure(self):
+        self.finalize_and_validate_configuration()
+        # First finalize and validate configuration to set up defaults
+
+        # this just moves the data from the various "to" inputs (to, cc, bcc) into the self.destinations
+        # dictionary, after normalizing it so that it is always a list.
+        if not self.to and not self.cc and not self.bcc:
+            raise ValueError("You must configure at least one 'to' address or one 'cc' address or one 'bcc' address")
+
+        for key in self.destinations.keys():
+            destination_values = getattr(self, key, None)
+            if not destination_values:
+                continue
+            if type(destination_values) == str or callable(destination_values):
+                self.destinations[key] = [destination_values]
+            else:
+                self.destinations[key] = destination_values
+        num_subjects = 0
+        num_messages = 0
+        for source in [self.subject, self.subject_template, self.subject_template_file]:
+            if source:
+                num_subjects += 1
+        for source in [self.message, self.message_template, self.message_template_file]:
+            if source:
+                num_messages += 1
+        if num_subjects > 1:
+            raise ValueError(
+                "More than one of 'subject', 'subject_template', or 'subject_template_file' was set, but only one of these may be set."
+            )
+        if num_messages > 1:
+            raise ValueError(
+                "More than one of 'message', 'message_template', or 'message_template_file' was set, but only one of these may be set."
+            )
+
+        if self.subject_template_file:
+            with open(self.subject_template_file, "r", encoding="utf-8") as template:
+                self.subject_template = jinja2.Template(template.read())
+        elif self.subject_template and not isinstance(self.subject_template, jinja2.Template):
+            self.subject_template = jinja2.Template(self.subject_template)
+
+        if self.message_template_file:
+            with open(self.message_template_file, "r", encoding="utf-8") as template:
+                self.message_template = jinja2.Template(template.read())
+        elif self.message_template and not isinstance(self.message_template, jinja2.Template):
+            self.message_template = jinja2.Template(self.message_template)
+
+    def _execute_action(self, client: SESClient, model: Model) -> None:
+        """Send a notification as configured."""
+        utcnow = self.di.build("utcnow")
+
+        tos = self._resolve_destination("to", model)
+        if not tos:
+            return
+        response = client.send_email(
+            Destination={
+                "ToAddresses": tos,
+                "CcAddresses": self._resolve_destination("cc", model),
+                "BccAddresses": self._resolve_destination("bcc", model),
+            },
+            Message={
+                "Body": {
+                    "Html": {
+                        "Charset": "utf-8",
+                        "Data": self._resolve_message_as_html(model, utcnow),
+                    },
+                    "Text": {
+                        "Charset": "utf-8",
+                        "Data": self._resolve_message_as_text(model, utcnow),
+                    },
+                },
+                "Subject": {"Charset": "utf-8", "Data": self._resolve_subject(model, utcnow)},
+            },
+            Source=self.sender,
+        )
+
+    def _resolve_destination(self, name: str, model: clearskies.Model) -> list[str]:
+        """
+        Return a list of to/cc/bcc addresses.
+
+        Each entry can be:
+
+         1. An email address
+         2. The name of a column in the model that contains an email address
+        """
+        resolved = []
+        destinations = self.destinations[name]
+        for destination in destinations:
+            if callable(destination):
+                more = self.di.call_function(destination, model=model)
+                if not isinstance(more, list):
+                    more = [more]
+                for entry in more:
+                    if not isinstance(entry, str):
+                        raise ValueError(
+                            f"I invoked a callable to fetch the '{name}' addresses for model '{model.__class__.__name__}' but it returned something other than a string.  Callables must return a valid email address or a list of email addresses."
+                        )
+                    if "@" not in entry:
+                        raise ValueError(
+                            f"I invoked a callable to fetch the '{name}' addresses for model '{model.__class__.__name__}' but it returned a non-email address.  Callables must return a valid email address or a list of email addresses."
+                        )
+                resolved.extend(more)
+                continue
+            if "@" in destination:
+                resolved.append(destination)
+                continue
+            resolved.append(getattr(model, destination))
+        return resolved
+
+    def _resolve_message_as_html(self, model: clearskies.Model, now: datetime.datetime) -> str:
+        """Build the HTML for a message."""
+        if self.message:
+            return self.message
+
+        if self.message_template:
+            return str(
+                self.message_template.render(model=model, now=now, **self.more_template_variables(), text_in_html=True)
+            )
+
+        return ""
+
+    def _resolve_message_as_text(self, model: clearskies.Model, now: datetime.datetime) -> str:
+        """Build the text for a message."""
+        if self.message:
+            return self.message
+
+        if self.message_template:
+            return str(self.message_template.render(model=model, now=now, **self.more_template_variables()))
+
+        return ""
+
+    def _resolve_subject(self, model: clearskies.Model, now: datetime.datetime) -> str:
+        """Build the subject for a message."""
+        if self.subject:
+            return self.subject
+
+        if self.subject_template:
+            return str(self.subject_template.render(model=model, now=now, **self.more_template_variables()))
+
+        return ""
+
+    def more_template_variables(self) -> dict[str, Any]:
+        more_variables = {}
+        for dependency_name in self.dependencies_for_template:
+            more_variables[dependency_name] = self.di.build(dependency_name, cache=True)
+        return more_variables

clearskies_aws/actions/sns.py

@@ -0,0 +1,61 @@
+from __future__ import annotations
+
+from typing import Callable
+
+from clearskies import Model
+from clearskies.configs import Callable as CallableConfig
+from clearskies.configs import String
+from clearskies.decorators import parameters_to_properties
+from types_boto3_sns import SNSClient
+
+from .action_aws import ActionAws
+from .assume_role import AssumeRole
+
+
+class SNS(ActionAws[SNSClient]):
+    topic = String(required=False)
+    topic_environment_key = String(required=False)
+    topic_callable = CallableConfig(required=False)
+
+    @parameters_to_properties
+    def __init__(
+        self,
+        topic=None,
+        topic_environment_key=None,
+        topic_callable: Callable | None = None,
+        message_callable: Callable | None = None,
+        when: Callable | None = None,
+        assume_role: AssumeRole | None = None,
+    ) -> None:
+        """Configure the SNS action."""
+        super().__init__(service_name="sns", message_callable=message_callable, when=when, assume_role=assume_role)
+
+    def configure(self):
+        self.finalize_and_validate_configuration()
+        topics = 0
+        for value in [self.topic, self.topic_environment_key, self.topic_callable]:
+            if value:
+                topics += 1
+        if topics > 1:
+            raise ValueError(
+                "You can only provide one of 'topic', 'topic_environment_key', or 'topic_callable', but more than one were provided."
+            )
+        if not topics:
+            raise ValueError("You must provide at least one of 'topic', 'topic_environment_key', or 'topic_callable'.")
+
+    def _execute_action(self, client: SNSClient, model: Model) -> None:
+        """Send a notification as configured."""
+        topic_arn = self.get_topic_arn(model)
+        if not topic_arn:
+            return
+        client.publish(
+            TopicArn=self.get_topic_arn(model),
+            Message=self.get_message_body(model),
+        )
+
+    def get_topic_arn(self, model: Model) -> str:
+        if self.topic:
+            return self.topic
+        if self.topic_environment_key:
+            return self.environment.get(self.topic_environment_key)
+        return self.di.call_function(self.topic_callable, model=model)