Lambda cannot subscribe to SNS Topic in different region #5734

Closed
konstantinj opened this issue Jan 9, 2020 · 1 comment · Fixed by #7679
Labels: @aws-cdk/aws-sns, effort/small, feature-request, good first issue, in-progress

Comments

@konstantinj

Déjà vu. I had this issue already in #4298, but this time I'm using a Lambda which should subscribe to an SNS topic in a different region. This also results in CloudFormation giving me an `Invalid parameter: TopicArn`.

This is also discussed here: serverless/serverless#3676

Use Case

Unfortunately there are quite a few use cases, since AWS provides some "own" topics where users can subscribe to get certain updates about new AMIs, bounces or, in my case, new IP address ranges.

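```ts
import { PolicyStatement } from '@aws-cdk/aws-iam'
import { AssetCode, Function, Runtime } from '@aws-cdk/aws-lambda'
import { SnsEventSource } from '@aws-cdk/aws-lambda-event-sources'
import { RetentionDays } from '@aws-cdk/aws-logs'
import { Topic } from '@aws-cdk/aws-sns'

// Fragment from inside a Stack constructor; `vpc` is defined elsewhere in the stack.
// Import the AWS-owned topic, which lives in us-east-1.
const amazonIpSpaceChangedTopic = Topic.fromTopicArn(this, 'AmazonIpSpaceChangedTopic', 'arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged')
const amazonIpSpaceChangedFunction = new Function(this, 'AmazonIpSpaceChangedFunction', {
    runtime: Runtime.PYTHON_3_8,
    code: AssetCode.fromAsset('app/lambda/'),
    handler: 'update_security_groups.lambda_handler',
    vpc: vpc,
    logRetention: RetentionDays.TWO_WEEKS,
    allowAllOutbound: true,
})
// Subscribing the function to the imported topic is the step that fails on deploy.
amazonIpSpaceChangedFunction.addEventSource(new SnsEventSource(amazonIpSpaceChangedTopic))

// Identity policy for the function's execution role; the actions apply to all resources ('*').
const statement = new PolicyStatement()
statement.addActions('lambda:InvokeFunction')
statement.addActions('ec2:DescribeSecurityGroups')
statement.addActions('ec2:AuthorizeSecurityGroupIngress')
statement.addActions('ec2:RevokeSecurityGroupIngress')
statement.addResources('*')
amazonIpSpaceChangedFunction.addToRolePolicy(statement)
```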

Just FYI, it's using this Lambda function: https://github.com/aws-samples/aws-cloudfront-samples/tree/master/update_security_groups_lambda

But the problem can't be solved within this Lambda. It's the Lambda making the connection to the SNS topic.

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

nija-at commented Feb 5, 2020

The workaround for this is to create the Subscription class and specify the region property as the region of the SNS topic. The values to be passed for the other properties should be similar to what the LambdaSubscription class does.

The fix is to do something similar to what was done for SQS - 3dd194d - if the topic is imported, the region needs to be extracted and specified as the region for the Subscription construct.
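
The fix described in the comment above, sketched as an added example (not aws-cdk's own code and not from either participant): it extracts the region from an imported topic ARN and builds the properties of the `AWS::SNS::Subscription` and `AWS::Lambda::Permission` resources. The function names, the interface and the sample function ARN are assumptions made for illustration.

```typescript
// Added example in plain TypeScript with no CDK dependency; all names are hypothetical.
interface SubscriptionResources {
  subscription: { TopicArn: string; Protocol: string; Endpoint: string; Region?: string };
  permission: { Action: string; FunctionName: string; Principal: string; SourceArn: string };
}

// An SNS topic ARN has the form arn:<partition>:sns:<region>:<account-id>:<topic-name>.
function regionFromTopicArn(topicArn: string): string {
  const parts = topicArn.split(':');
  if (parts.length !== 6 || parts[0] !== 'arn' || parts[2] !== 'sns' || !parts[3] || !parts[5]) {
    throw new Error(`Not an SNS topic ARN: ${topicArn}`);
  }
  return parts[3];
}

// Builds the Properties of an AWS::SNS::Subscription and an AWS::Lambda::Permission.
function crossRegionLambdaSubscription(
  topicArn: string, functionArn: string, stackRegion: string,
): SubscriptionResources {
  const topicRegion = regionFromTopicArn(topicArn);
  const subscription: SubscriptionResources['subscription'] = {
    TopicArn: topicArn,
    Protocol: 'lambda',
    Endpoint: functionArn,
  };
  // Region names the region the topic lives in; the issue's
  // "Invalid parameter: TopicArn" appears when it is missing for a foreign-region topic.
  if (topicRegion !== stackRegion) {
    subscription.Region = topicRegion;
  }
  return {
    subscription,
    // Resource-based permission: only SNS, and only this topic, may invoke the function.
    permission: {
      Action: 'lambda:InvokeFunction',
      FunctionName: functionArn,
      Principal: 'sns.amazonaws.com',
      SourceArn: topicArn,
    },
  };
}

// Topic ARN taken from the issue; the function ARN and stack region are constructed samples.
const TOPIC_ARN = 'arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged';
const FUNCTION_ARN = 'arn:aws:lambda:eu-central-1:111122223333:function:AmazonIpSpaceChangedFunction';
const example = crossRegionLambdaSubscription(TOPIC_ARN, FUNCTION_ARN, 'eu-central-1');
```

The `SourceArn` condition keeps the invoke permission tied to the one topic, so a message published to any other topic cannot trigger the function.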

@mergify mergify bot closed this as completed in #7679 Apr 30, 2020