From 79fd3e38206f3c74b3b82add2360af82f11b020a Mon Sep 17 00:00:00 2001 From: Smailli Hemori Moraes Date: Tue, 13 Oct 2020 23:17:39 -0300 Subject: [PATCH 1/8] Provide full support to HTTP/HTTPS/EMAIL/EMAIL-JSON protocols / SQS Subscription without Assume Role in both Accounts --- aws/resource_aws_sns_topic_subscription.go | 56 ++-- .../r/sns_topic_subscription.html.markdown | 240 +++++------------- 2 files changed, 83 insertions(+), 213 deletions(-) diff --git a/aws/resource_aws_sns_topic_subscription.go b/aws/resource_aws_sns_topic_subscription.go index 453b3901cce..c18bd04404f 100644 --- a/aws/resource_aws_sns_topic_subscription.go +++ b/aws/resource_aws_sns_topic_subscription.go @@ -9,7 +9,6 @@ import ( "strings" "time" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" @@ -39,13 +38,14 @@ func resourceAwsSnsTopicSubscription() *schema.Resource { Required: true, ForceNew: true, ValidateFunc: validation.StringInSlice([]string{ - // email and email-json not supported "application", "http", "https", "lambda", "sms", "sqs", + "email", + "email-json", }, true), }, "endpoint": { 
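Review bot: The `protocol` validator now accepts `email` and `email-json`, but the comment that explained their exclusion is deleted without a replacement. A reader of the schema can no longer tell that these protocols stay pending until the recipient acts on the confirmation message, which the documentation in this patch says is required. A short comment above the two new entries would keep that visible, for example `// email and email-json stay pending until the recipient confirms; create waits for that`. The wait itself is the polling loop added later in this patch, and the schema map continues outside the hunk.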
@@ -233,10 +233,13 @@ func subscribeToSNSTopic(d *schema.ResourceData, snsconn *sns.SNS) (output *sns. confirmation_timeout_in_minutes := d.Get("confirmation_timeout_in_minutes").(int) attributes := getResourceAttributes(d) - if strings.Contains(protocol, "http") && !endpoint_auto_confirms { - return nil, fmt.Errorf("Protocol http/https is only supported for endpoints which auto confirms!") + if endpoint_auto_confirms { + log.Printf("[DEBUG] Deprecated: endpoint_auto_confirms exists for historical compatibility and should not be used.") } + var time_to_sleep int = 10 + var count_time_to_sleep int = (confirmation_timeout_in_minutes * 60) / time_to_sleep + log.Printf("[DEBUG] SNS create topic subscription: %s (%s) @ '%s'", endpoint, protocol, topic_arn) req := &sns.SubscribeInput{ 
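Review bot: The poll budget computed here undershoots the configured timeout. With the schema default of 1 for `confirmation_timeout_in_minutes` (visible in the PATCH 7/8 context), `count_time_to_sleep` is 6, and the loop in the next hunk runs `for i := 1; i < count_time_to_sleep; i++`, so it polls five times (about 50 seconds) while logging `i / 6`. A value of 0 skips the loop and goes straight to the "did not confirm" error. The loop also sleeps a literal `10 * time.Second` rather than using `time_to_sleep`, so the two can drift apart. Suggest `for i := 0; i < count_time_to_sleep; i++`, `time.Sleep(time.Duration(time_to_sleep) * time.Second)`, and a lower bound on the attribute such as `ValidateFunc: validation.IntAtLeast(1)`; subscribeToSNSTopic starts and ends outside this hunk.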
@@ -251,42 +254,33 @@ func subscribeToSNSTopic(d *schema.ResourceData, snsconn *sns.SNS) (output *sns. return nil, fmt.Errorf("Error creating SNS topic subscription: %s", err) } - log.Printf("[DEBUG] Finished subscribing to topic %s with subscription arn %s", topic_arn, *output.SubscriptionArn) - - if strings.Contains(protocol, "http") && subscriptionHasPendingConfirmation(output.SubscriptionArn) { - - log.Printf("[DEBUG] SNS create topic subscription is pending so fetching the subscription list for topic : %s (%s) @ '%s'", endpoint, protocol, topic_arn) - - err = resource.Retry(time.Duration(confirmation_timeout_in_minutes)*time.Minute, func() *resource.RetryError { - - subscription, err := findSubscriptionByNonID(d, snsconn) - - if err != nil { - return resource.NonRetryableError(err) - } - - if subscription == nil { - return resource.RetryableError(fmt.Errorf("Endpoint (%s) did not autoconfirm the subscription for topic %s", endpoint, topic_arn)) - } + for i := 1; i < count_time_to_sleep; i++ { + var subscription *sns.Subscription + subscription, err = findSubscriptionByNonID(d, snsconn) + if subscription != nil { output.SubscriptionArn = subscription.SubscriptionArn - return nil - }) - - if isResourceTimeoutError(err) { - var subscription *sns.Subscription - subscription, err = findSubscriptionByNonID(d, snsconn) - - if subscription != nil { - output.SubscriptionArn = subscription.SubscriptionArn - } } if err != nil { return nil, err } + + if !subscriptionHasPendingConfirmation(output.SubscriptionArn) { + log.Printf("[DEBUG] SubscriptionArn: %s", *output.SubscriptionArn) + break + } + + log.Printf("[DEBUG] SubscriptionArn: %s trying again (%d / %d)", *output.SubscriptionArn, i, count_time_to_sleep) + + time.Sleep(10 * time.Second) } + if subscriptionHasPendingConfirmation(output.SubscriptionArn) { + return nil, fmt.Errorf("Endpoint (%s) did not confirm the subscription for topic %s", endpoint, topic_arn) + } + + log.Printf("[DEBUG] Finished subscribing to topic 
%s with subscription arn %s", topic_arn, *output.SubscriptionArn) log.Printf("[DEBUG] Created new subscription! %s", *output.SubscriptionArn) return output, nil } diff --git a/website/docs/r/sns_topic_subscription.html.markdown b/website/docs/r/sns_topic_subscription.html.markdown index 02e132769ea..5eaba814e7f 100644 --- a/website/docs/r/sns_topic_subscription.html.markdown +++ b/website/docs/r/sns_topic_subscription.html.markdown @@ -13,14 +13,6 @@ This resource allows you to automatically place messages sent to SNS topics in S to a given endpoint, send SMS messages, or notify devices / applications. The most likely use case for Terraform users will probably be SQS queues. -~> **NOTE:** If the SNS topic and SQS queue are in different AWS regions, it is important for the "aws_sns_topic_subscription" to use an AWS provider that is in the same region of the SNS topic. If the "aws_sns_topic_subscription" is using a provider with a different region than the SNS topic, terraform will fail to create the subscription. - -~> **NOTE:** Setup of cross-account subscriptions from SNS topics to SQS queues requires Terraform to have access to BOTH accounts. - -~> **NOTE:** If SNS topic and SQS queue are in different AWS accounts but the same region it is important for the "aws_sns_topic_subscription" to use the AWS provider of the account with the SQS queue. If "aws_sns_topic_subscription" is using a Provider with a different account than the SQS queue, terraform creates the subscriptions but does not keep state and tries to re-create the subscription at every apply. - -~> **NOTE:** If SNS topic and SQS queue are in different AWS accounts and different AWS regions it is important to recognize that the subscription needs to be initiated from the account with the SQS queue but in the region of the SNS topic. - ## Example Usage You can directly supply a topic and ARN by hand in the `topic_arn` property along with the queue ARN: 
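Review bot: The new error `fmt.Errorf("Endpoint (%s) did not confirm the subscription for topic %s", endpoint, topic_arn)` puts the raw `endpoint` value into an error returned to the caller, which presumably ends up in apply output and CI logs. Now that the http/https guard is removed and email protocols are accepted, that value can be a URL carrying user-info credentials or a token, or an e-mail address or phone number. Suggest identifying the subscription without the endpoint, e.g. `fmt.Errorf("%s endpoint did not confirm the subscription for topic %s", protocol, topic_arn)`. The same message is reintroduced inside `resource.RetryableError` in PATCH 3/8 and should change with it.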
@@ -53,177 +45,67 @@ resource "aws_sns_topic_subscription" "user_updates_sqs_target" { You can subscribe SNS topics to SQS queues in different Amazon accounts and regions: -```hcl -variable "sns" { - default = { - account-id = "111111111111" - role-name = "service/service-hashicorp-terraform" - name = "example-sns-topic" - display_name = "example" - region = "us-west-1" - } -} - -variable "sqs" { - default = { - account-id = "222222222222" - role-name = "service/service-hashicorp-terraform" - name = "example-sqs-queue" - region = "us-east-1" - } -} - -data "aws_iam_policy_document" "sns-topic-policy" { - policy_id = "__default_policy_ID" - - statement { - actions = [ - "SNS:Subscribe", - "SNS:SetTopicAttributes", - "SNS:RemovePermission", - "SNS:Receive", - "SNS:Publish", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:DeleteTopic", - "SNS:AddPermission", - ] - - condition { - test = "StringEquals" - variable = "AWS:SourceOwner" - - values = [ - var.sns["account-id"], - ] - } - - effect = "Allow" - - principals { - type = "AWS" - identifiers = ["*"] - } - - resources = [ - "arn:aws:sns:${var.sns["region"]}:${var.sns["account-id"]}:${var.sns["name"]}", - ] - - sid = "__default_statement_ID" - } - - statement { - actions = [ - "SNS:Subscribe", - "SNS:Receive", - ] - - condition { - test = "StringLike" - variable = "SNS:Endpoint" - - values = [ - "arn:aws:sqs:${var.sqs["region"]}:${var.sqs["account-id"]}:${var.sqs["name"]}", - ] - } - - effect = "Allow" - - principals { - type = "AWS" - identifiers = ["*"] - } +-> NOTE: +Terraform must be run on each account individually. 
+SQS in account `222222222222` and region `us-east-1` +SNS topic and Subscription in account `111111111111` and region `us-west-1` - resources = [ - "arn:aws:sns:${var.sns["region"]}:${var.sns["account-id"]}:${var.sns["name"]}", - ] +### SQS Queue (Account Id: 222222222222 / Region: us-east-1) - sid = "__console_sub_0" - } +```hcl +resource "aws_sqs_queue" "this" { + name = "example-sqs-queue" } -data "aws_iam_policy_document" "sqs-queue-policy" { - policy_id = "arn:aws:sqs:${var.sqs["region"]}:${var.sqs["account-id"]}:${var.sqs["name"]}/SQSDefaultPolicy" - - statement { - sid = "example-sns-topic" - effect = "Allow" - - principals { - type = "AWS" - identifiers = ["*"] - } - - actions = [ - "SQS:SendMessage", - ] - - resources = [ - "arn:aws:sqs:${var.sqs["region"]}:${var.sqs["account-id"]}:${var.sqs["name"]}", - ] - - condition { - test = "ArnEquals" - variable = "aws:SourceArn" - - values = [ - "arn:aws:sns:${var.sns["region"]}:${var.sns["account-id"]}:${var.sns["name"]}", - ] +resource "aws_sqs_queue_policy" "this" { + queue_url = aws_sqs_queue.this.id + + policy = < NOTE: +You should receive a confirmation message at the configured endpoint and validate the subscription. ### Specifying endpoints @@ -287,3 +162,4 @@ SNS Topic Subscriptions can be imported using the `subscription arn`, e.g. ``` $ terraform import aws_sns_topic_subscription.user_updates_sqs_target arn:aws:sns:us-west-2:0123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f ``` + From e18130c372c5551f778ceff8b2043667ed06c022 Mon Sep 17 00:00:00 2001 From: Smailli Hemori Moraes Date: Tue, 13 Oct 2020 23:29:31 -0300 Subject: [PATCH 2/8] terrafmt fix --- website/docs/r/sns_topic_subscription.html.markdown | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/website/docs/r/sns_topic_subscription.html.markdown b/website/docs/r/sns_topic_subscription.html.markdown index 5eaba814e7f..70e4ff5287d 100644 --- a/website/docs/r/sns_topic_subscription.html.markdown 
+++ b/website/docs/r/sns_topic_subscription.html.markdown @@ -95,17 +95,18 @@ POLICY ``` ### SNS Topic and Subscription (Account Id: 111111111111 / Region: us-west-1) + ```hcl resource "aws_sns_topic" "this" { name = "example-sns-topic" } resource "aws_sns_topic_subscription" "this" { - topic_arn = aws_sns_topic.this.arn - protocol = "sqs" - endpoint = "arn:aws:sqs:us-east-1:222222222222:example-sqs-queue" + topic_arn = aws_sns_topic.this.arn + protocol = "sqs" + endpoint = "arn:aws:sqs:us-east-1:222222222222:example-sqs-queue" confirmation_timeout_in_minutes = "5" - depends_on = [ aws_sns_topic.this ] + depends_on = [aws_sns_topic.this] } ``` From a26741e70473ef3202aa9e7e1de3ac3f172b139a Mon Sep 17 00:00:00 2001 From: Smailli Hemori Moraes Date: Wed, 14 Oct 2020 15:24:57 -0300 Subject: [PATCH 3/8] Enhancement --- aws/resource_aws_sns_topic_subscription.go | 56 ++++++++++++++-------- 1 file changed, 36 insertions(+), 20 deletions(-) diff --git a/aws/resource_aws_sns_topic_subscription.go b/aws/resource_aws_sns_topic_subscription.go index c18bd04404f..c828593408b 100644 --- a/aws/resource_aws_sns_topic_subscription.go +++ b/aws/resource_aws_sns_topic_subscription.go @@ -9,6 +9,7 @@ import ( "strings" "time" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" @@ -32,6 +33,11 @@ func resourceAwsSnsTopicSubscription() *schema.Resource { State: schema.ImportStatePassthrough, }, + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(5 * time.Minute), + Update: schema.DefaultTimeout(5 * time.Minute), + }, + Schema: map[string]*schema.Schema{ "protocol": { Type: schema.TypeString, 
@@ -237,8 +243,9 @@ func subscribeToSNSTopic(d *schema.ResourceData, snsconn *sns.SNS) (output *sns. log.Printf("[DEBUG] Deprecated: endpoint_auto_confirms exists for historical compatibility and should not be used.") } - var time_to_sleep int = 10 - var count_time_to_sleep int = (confirmation_timeout_in_minutes * 60) / time_to_sleep + if confirmation_timeout_in_minutes > 0 { + log.Printf("[DEBUG] Deprecated: confirmation_timeout_in_minutes exists for historical compatibility and should not be used.") + } log.Printf("[DEBUG] SNS create topic subscription: %s (%s) @ '%s'", endpoint, protocol, topic_arn) 
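Review bot: From this hunk on `confirmation_timeout_in_minutes` is read only to emit a DEBUG line, while the wait in the following hunk uses `d.Timeout(schema.TimeoutCreate)`. An existing configuration that sets a longer value will silently get the 5 minute default. Because the schema default is 1 (visible in the PATCH 7/8 context), the `> 0` test is also true for every resource, so the message fires whether or not the user set the attribute. While the attribute is still accepted, consider honouring it, e.g. `timeout := d.Timeout(schema.TimeoutCreate)` followed by `if legacy := time.Duration(confirmation_timeout_in_minutes) * time.Minute; legacy > timeout { timeout = legacy }`. subscribeToSNSTopic starts and ends outside this hunk.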
@@ -254,33 +261,42 @@ func subscribeToSNSTopic(d *schema.ResourceData, snsconn *sns.SNS) (output *sns. return nil, fmt.Errorf("Error creating SNS topic subscription: %s", err) } - for i := 1; i < count_time_to_sleep; i++ { - var subscription *sns.Subscription - subscription, err = findSubscriptionByNonID(d, snsconn) + log.Printf("[DEBUG] Finished subscribing to topic %s with subscription arn %s", topic_arn, *output.SubscriptionArn) + + if subscriptionHasPendingConfirmation(output.SubscriptionArn) { + + log.Printf("[DEBUG] SNS create topic subscription is pending so fetching the subscription list for topic : %s (%s) @ '%s'", endpoint, protocol, topic_arn) + + err = resource.Retry(d.Timeout(schema.TimeoutCreate), func() *resource.RetryError { + + subscription, err := findSubscriptionByNonID(d, snsconn) + + if err != nil { + return resource.NonRetryableError(err) + } + + if subscription == nil { + return resource.RetryableError(fmt.Errorf("Endpoint (%s) did not confirm the subscription for topic %s", endpoint, topic_arn)) + } - if subscription != nil { output.SubscriptionArn = subscription.SubscriptionArn + return nil + }) + + if isResourceTimeoutError(err) { + var subscription *sns.Subscription + subscription, err = findSubscriptionByNonID(d, snsconn) + + if subscription != nil { + output.SubscriptionArn = subscription.SubscriptionArn + } } if err != nil { return nil, err } - - if !subscriptionHasPendingConfirmation(output.SubscriptionArn) { - log.Printf("[DEBUG] SubscriptionArn: %s", *output.SubscriptionArn) - break - } - - log.Printf("[DEBUG] SubscriptionArn: %s trying again (%d / %d)", *output.SubscriptionArn, i, count_time_to_sleep) - - time.Sleep(10 * time.Second) - } - - if subscriptionHasPendingConfirmation(output.SubscriptionArn) { - return nil, fmt.Errorf("Endpoint (%s) did not confirm the subscription for topic %s", endpoint, topic_arn) } - log.Printf("[DEBUG] Finished subscribing to topic %s with subscription arn %s", topic_arn, *output.SubscriptionArn) 
log.Printf("[DEBUG] Created new subscription! %s", *output.SubscriptionArn) return output, nil } From 18e0d558403661d3592727f60bb863f5d13dfc55 Mon Sep 17 00:00:00 2001 From: Smailli Hemori Moraes Date: Wed, 14 Oct 2020 16:47:28 -0300 Subject: [PATCH 4/8] Update documentation --- .../docs/r/sns_topic_subscription.html.markdown | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/website/docs/r/sns_topic_subscription.html.markdown b/website/docs/r/sns_topic_subscription.html.markdown index 70e4ff5287d..d9cee36954d 100644 --- a/website/docs/r/sns_topic_subscription.html.markdown +++ b/website/docs/r/sns_topic_subscription.html.markdown @@ -105,7 +105,6 @@ resource "aws_sns_topic_subscription" "this" { topic_arn = aws_sns_topic.this.arn protocol = "sqs" endpoint = "arn:aws:sqs:us-east-1:222222222222:example-sqs-queue" - confirmation_timeout_in_minutes = "5" depends_on = [aws_sns_topic.this] } ``` 
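Review bot: A timeout can end as a success here. When `resource.Retry` times out, the fallback reassigns `err` from the second `findSubscriptionByNonID` call, so if that lookup returns no subscription and no error the timeout is discarded. The function then falls through to "Created new subscription!" with `output.SubscriptionArn` still at its pending value, because this hunk removes the explicit post-wait `subscriptionHasPendingConfirmation` check that PATCH 1/8 had. Suggest keeping the failure inside the fallback, e.g. `if err == nil && subscription == nil { err = fmt.Errorf("timed out waiting for confirmation of subscription to topic %s", topic_arn) }`. What `findSubscriptionByNonID` returns for a still-pending subscription is not visible in this patch, so confirm it returns nil in that case.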
@@ -118,11 +117,21 @@ The following arguments are supported: * `protocol` - (Required) The protocol to use, see below. Refer to the [SNS API docs](https://docs.aws.amazon.com/sns/latest/api/API_Subscribe.html) for more details. * `endpoint` - (Required) The endpoint to send data to, the contents will vary with the protocol. (see below for more information) * `endpoint_auto_confirms` - (Deprecated) The endpoint auto confirms exists for historical compatibility and should not be used. -* `confirmation_timeout_in_minutes` - (Optional) Integer indicating number of minutes to wait in retying mode for fetching subscription arn before marking it as failure. You must receive the confirmation message to accept the subscription. (default is 1 minute). Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/sns-send-message-to-sqs-cross-account.html) for more details. +* `confirmation_timeout_in_minutes` - (Deprecated) The confirmation timeout in minutes exists for historical compatibility and should not be used. * `raw_message_delivery` - (Optional) Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property) (default is false). * `filter_policy` - (Optional) JSON String with the filter policy that will be used in the subscription to filter messages seen by the target resource. Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/message-filtering.html) for more details. * `delivery_policy` - (Optional) JSON String with the delivery policy (retries, backoff, etc.) that will be used in the subscription - this only applies to HTTP/S subscriptions. Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/DeliveryPolicies.html) for more details. +### Timeouts + +Refer to the [AWS SNS docs](https://docs.aws.amazon.com/sns/latest/dg/sns-send-message-to-sqs-cross-account.html) for more details. 
+ +The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: + +* `create` - (Defaults to 5 mins) - You should receive a confirmation message at the configured endpoint and validate the subscription. +* `update` - (Defaults to 5 mins) - You should receive a confirmation message at the configured endpoint and validate the subscription. + + ### Protocols supported Supported SNS protocols include: @@ -136,8 +145,6 @@ Supported SNS protocols include: * `email` -- delivery of message via SMTP * `email-json` -- delivery of JSON-encoded message via SMTP --> NOTE: -You should receive a confirmation message at the configured endpoint and validate the subscription. ### Specifying endpoints From 734291bfc8d6ed479f95fe9146e4704b6fe28ca3 Mon Sep 17 00:00:00 2001 From: Smailli Hemori Moraes Date: Wed, 14 Oct 2020 16:52:01 -0300 Subject: [PATCH 5/8] terrafmt fix --- website/docs/r/sns_topic_subscription.html.markdown | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/website/docs/r/sns_topic_subscription.html.markdown b/website/docs/r/sns_topic_subscription.html.markdown index d9cee36954d..0dd1a52a918 100644 --- a/website/docs/r/sns_topic_subscription.html.markdown +++ b/website/docs/r/sns_topic_subscription.html.markdown @@ -102,10 +102,10 @@ resource "aws_sns_topic" "this" { } resource "aws_sns_topic_subscription" "this" { - topic_arn = aws_sns_topic.this.arn - protocol = "sqs" - endpoint = "arn:aws:sqs:us-east-1:222222222222:example-sqs-queue" - depends_on = [aws_sns_topic.this] + topic_arn = aws_sns_topic.this.arn + protocol = "sqs" + endpoint = "arn:aws:sqs:us-east-1:222222222222:example-sqs-queue" + depends_on = [aws_sns_topic.this] } ``` From f061efc616f8ee45e5ffac22e410c64388b67a7b Mon Sep 17 00:00:00 2001 
From: Smailli Hemori Moraes Date: Wed, 14 Oct 2020 18:08:12 -0300 Subject: [PATCH 6/8] Remove Update Timeout --- aws/resource_aws_sns_topic_subscription.go | 1 - website/docs/r/sns_topic_subscription.html.markdown | 1 - 2 files changed, 2 deletions(-) diff --git a/aws/resource_aws_sns_topic_subscription.go b/aws/resource_aws_sns_topic_subscription.go index c828593408b..a209026cf65 100644 --- a/aws/resource_aws_sns_topic_subscription.go +++ b/aws/resource_aws_sns_topic_subscription.go @@ -35,7 +35,6 @@ func resourceAwsSnsTopicSubscription() *schema.Resource { Timeouts: &schema.ResourceTimeout{ Create: schema.DefaultTimeout(5 * time.Minute), - Update: schema.DefaultTimeout(5 * time.Minute), }, Schema: map[string]*schema.Schema{ diff --git a/website/docs/r/sns_topic_subscription.html.markdown b/website/docs/r/sns_topic_subscription.html.markdown index 0dd1a52a918..5b7d3c753bf 100644 --- a/website/docs/r/sns_topic_subscription.html.markdown +++ b/website/docs/r/sns_topic_subscription.html.markdown @@ -129,7 +129,6 @@ Refer to the [AWS SNS docs](https://docs.aws.amazon.com/sns/latest/dg/sns-send-m The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration/resources.html#timeouts) for certain actions: * `create` - (Defaults to 5 mins) - You should receive a confirmation message at the configured endpoint and validate the subscription. -* `update` - (Defaults to 5 mins) - You should receive a confirmation message at the configured endpoint and validate the subscription. ### Protocols supported From c00e508eaa103bfd578802c7dde64b1ca5f9e2ad Mon Sep 17 00:00:00 2001 From: Smailli Hemori Moraes Date: Wed, 14 Oct 2020 18:22:14 -0300 Subject: [PATCH 7/8] Deprecated endpoint_auto_confirms and confirmation_timeout_in_minutes --- aws/resource_aws_sns_topic_subscription.go | 24 +++++++------------ .../r/sns_topic_subscription.html.markdown | 4 ++-- 2 files changed, 10 insertions(+), 18 deletions(-) 
diff --git a/aws/resource_aws_sns_topic_subscription.go b/aws/resource_aws_sns_topic_subscription.go index a209026cf65..d9fc0586b8b 100644 --- a/aws/resource_aws_sns_topic_subscription.go +++ b/aws/resource_aws_sns_topic_subscription.go @@ -59,14 +59,16 @@ func resourceAwsSnsTopicSubscription() *schema.Resource { ForceNew: true, }, "endpoint_auto_confirms": { - Type: schema.TypeBool, - Optional: true, - Default: false, + Type: schema.TypeBool, + Optional: true, + Default: false, + Deprecated: "endpoint_auto_confirms exists for historical compatibility and should not be used.", }, "confirmation_timeout_in_minutes": { - Type: schema.TypeInt, - Optional: true, - Default: 1, + Type: schema.TypeInt, + Optional: true, + Default: 1, + Deprecated: "confirmation_timeout_in_minutes exists for historical compatibility and should not be used.", }, "topic_arn": { Type: schema.TypeString, @@ -234,18 +236,8 @@ func subscribeToSNSTopic(d *schema.ResourceData, snsconn *sns.SNS) (output *sns. protocol := d.Get("protocol").(string) endpoint := d.Get("endpoint").(string) topic_arn := d.Get("topic_arn").(string) - endpoint_auto_confirms := d.Get("endpoint_auto_confirms").(bool) - confirmation_timeout_in_minutes := d.Get("confirmation_timeout_in_minutes").(int) attributes := getResourceAttributes(d) - if endpoint_auto_confirms { - log.Printf("[DEBUG] Deprecated: endpoint_auto_confirms exists for historical compatibility and should not be used.") - } - - if confirmation_timeout_in_minutes > 0 { - log.Printf("[DEBUG] Deprecated: confirmation_timeout_in_minutes exists for historical compatibility and should not be used.") - } - log.Printf("[DEBUG] SNS create topic subscription: %s (%s) @ '%s'", endpoint, protocol, topic_arn) req := &sns.SubscribeInput{ diff --git a/website/docs/r/sns_topic_subscription.html.markdown b/website/docs/r/sns_topic_subscription.html.markdown index 5b7d3c753bf..1d8c7ddb693 100644 --- a/website/docs/r/sns_topic_subscription.html.markdown 
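Review bot: The two `Deprecated` strings say only that the attribute "should not be used", which gives the user a warning and no migration path. After the second hunk in this file `subscribeToSNSTopic` no longer reads either attribute, so as far as this patch shows they are ignored and the wait is governed by the `timeouts` block added in PATCH 3/8. Suggest saying so in the message, e.g. `Deprecated: "confirmation_timeout_in_minutes is ignored; set timeouts { create = ... } instead",` with an equivalent line for `endpoint_auto_confirms`. The schema map continues outside the hunk.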
+++ b/website/docs/r/sns_topic_subscription.html.markdown 
@@ -116,8 +116,8 @@ The following arguments are supported: * `topic_arn` - (Required) The ARN of the SNS topic to subscribe to * `protocol` - (Required) The protocol to use, see below. Refer to the [SNS API docs](https://docs.aws.amazon.com/sns/latest/api/API_Subscribe.html) for more details. * `endpoint` - (Required) The endpoint to send data to, the contents will vary with the protocol. (see below for more information) -* `endpoint_auto_confirms` - (Deprecated) The endpoint auto confirms exists for historical compatibility and should not be used. -* `confirmation_timeout_in_minutes` - (Deprecated) The confirmation timeout in minutes exists for historical compatibility and should not be used. +* `endpoint_auto_confirms` - (Optional, **DEPRECATED**) Boolean indicating whether the end point is capable of [auto confirming subscription](http://docs.aws.amazon.com/sns/latest/dg/SendMessageToHttp.html#SendMessageToHttp.prepare) e.g., PagerDuty (default is false) +* `confirmation_timeout_in_minutes` - (Optional, **DEPRECATED**) Integer indicating number of minutes to wait in retying mode for fetching subscription arn before marking it as failure. Only applicable for http and https protocols (default is 1 minute). * `raw_message_delivery` - (Optional) Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property) (default is false). * `filter_policy` - (Optional) JSON String with the filter policy that will be used in the subscription to filter messages seen by the target resource. Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/message-filtering.html) for more details. * `delivery_policy` - (Optional) JSON String with the delivery policy (retries, backoff, etc.) that will be used in the subscription - this only applies to HTTP/S subscriptions. 
Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/DeliveryPolicies.html) for more details. From c00fbeb2e2e1dafc21e91522ba5e5bd22f716ec7 Mon Sep 17 00:00:00 2001 From: Smailli Hemori Moraes Date: Wed, 14 Oct 2020 20:21:18 -0300 Subject: [PATCH 8/8] Using aws_iam_policy_document to generate access policy --- .../r/sns_topic_subscription.html.markdown | 69 +++++++++---------- 1 file changed, 34 insertions(+), 35 deletions(-) diff --git a/website/docs/r/sns_topic_subscription.html.markdown b/website/docs/r/sns_topic_subscription.html.markdown index 1d8c7ddb693..d9d3865db93 100644 --- a/website/docs/r/sns_topic_subscription.html.markdown +++ b/website/docs/r/sns_topic_subscription.html.markdown @@ -57,40 +57,40 @@ resource "aws_sqs_queue" "this" { name = "example-sqs-queue" } -resource "aws_sqs_queue_policy" "this" { - queue_url = aws_sqs_queue.this.id +data "aws_iam_policy_document" "sqs-queue-policy" { + policy_id = "${aws_sqs_queue.this.arn}/SQSDefaultPolicy" + + statement { + sid = "example-sns-topic" + effect = "Allow" + + principals { + type = "AWS" + identifiers = ["*"] + } + + actions = [ + "SQS:SendMessage", + ] - policy = <