Skip to content

docs(sns): add detailed permissions documentation to Topic methods #35744

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+46 −0
Open

docs(sns): add detailed permissions documentation to Topic methods #35744

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 46 additions & 0 deletions packages/aws-cdk-lib/aws-sns/lib/topic-base.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,12 @@ export interface ITopic extends IResource, notifications.INotificationRuleTarget

/**
* Subscribe some endpoint to this topic
*
* Creates a subscription between this SNS topic and an endpoint, such as
* an SQS queue, Lambda function, email address, or HTTP/HTTPS endpoint.
* The subscription will be created with the configuration specified in the
* ITopicSubscription implementation and will generate the corresponding
* AWS::SNS::Subscription resource in the CloudFormation template.
*/
addSubscription(subscription: ITopicSubscription): Subscription;

Expand All @@ -68,11 +74,28 @@ export interface ITopic extends IResource, notifications.INotificationRuleTarget

/**
* Grant topic publishing permissions to the given identity
*
* This will grant the following permissions:
*
* - sns:Publish
*
* If the topic is encrypted with a customer-managed KMS key, this will also grant the following permissions to the key:
*
* - kms:Decrypt
* - kms:GenerateDataKey*
*
* @param identity Principal to grant publish rights to
*/
grantPublish(identity: iam.IGrantable): iam.Grant;

/**
* Grant topic subscribing permissions to the given identity
*
* This will grant the following permissions:
*
* - sns:Subscribe
*
* @param identity Principal to grant subscribe rights to
*/
grantSubscribe(identity: iam.IGrantable): iam.Grant;
}
Expand Down Expand Up @@ -113,6 +136,12 @@ export abstract class TopicBase extends Resource implements ITopic {

/**
* Subscribe some endpoint to this topic
*
* Creates a subscription between this SNS topic and an endpoint, such as
* an SQS queue, Lambda function, email address, or HTTP/HTTPS endpoint.
* The subscription will be created with the configuration specified in the
* ITopicSubscription implementation and will generate the corresponding
* AWS::SNS::Subscription resource in the CloudFormation template.
*/
public addSubscription(topicSubscription: ITopicSubscription): Subscription {
const subscriptionConfig = topicSubscription.bind(this);
Expand Down Expand Up @@ -203,6 +232,17 @@ export abstract class TopicBase extends Resource implements ITopic {

/**
* Grant topic publishing permissions to the given identity
*
* This will grant the following permissions:
*
* - sns:Publish
*
* If the topic is encrypted with a customer-managed KMS key, this will also grant the following permissions to the key:
*
* - kms:Decrypt
* - kms:GenerateDataKey*
*
* @param grantee Principal to grant publish rights to
*/
public grantPublish(grantee: iam.IGrantable) {
const ret = iam.Grant.addToPrincipalOrResource({
Expand All @@ -219,6 +259,12 @@ export abstract class TopicBase extends Resource implements ITopic {

/**
* Grant topic subscribing permissions to the given identity
*
* This will grant the following permissions:
*
* - sns:Subscribe
*
* @param grantee Principal to grant subscribe rights to
*/
public grantSubscribe(grantee: iam.IGrantable) {
return iam.Grant.addToPrincipalOrResource({
Expand Down
Loading