
I have problems assigning my sqs queue the correct policy so that any sns topic can send a message to it whenever this queue gets subscribed to it. I tried to use UpdatePolicy and Metadata in serverless without any effect:

resources:
  Resources:
    DevNull:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:custom.serviceName}-${self:provider.stage}-dev-null-queue
      UpdatePolicy:
        policy:
          statement:
            - Effect: Allow
              Principal:
                Service: sns.amazonaws.com
                Action: sqs:SendMessage
              Resource: '*'

      Metadata:
        AWS::CloudFormation::CustomResource:
          policyStatements:
            - Effect: Allow
              Principal:
                Service: sns.amazonaws.com
              Action:
                - 'sqs:SendMessage'
              Resource: '*'

I also cannot see any changes in the "Access policy (Permission)" tab in the AWS console after deployment. I subscribed an email address to double-check that the messages are sent, and I get them all via email, but there are none in the SQS queue.

I found a SAM template which does what I need, but I have no idea how to write this with the Serverless Framework and I cannot find any documentation on this.

1 Answer

You need a QueuePolicy that will allow SNS to send a message to the queue. This is an example from one of my projects, hope it helps :)

Resources:
  MyQueue:
    Type: AWS::SQS::Queue
    Properties: 
      RedrivePolicy: 
        deadLetterTargetArn: 
          Fn::GetAtt:
            - MyQueueDLQ
            - Arn
        maxReceiveCount: 5

  MyQueueDLQ:
    Type: AWS::SQS::Queue

  SNSTopicToMyQueuePolicy:
      Type: AWS::SQS::QueuePolicy
      Properties:
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Sid: 'allow-sns-messages'
              Effect: Allow
              Principal:
                Service: 'sns.amazonaws.com'
              Resource:
                Fn::GetAtt:
                - MyQueue
                - Arn
              Action: 'SQS:SendMessage'
              # COMMENT THIS IN IF YOU WANT IT TO ONLY ALLOW A CERTAIN SNS TOPIC
              # Condition:
                # ArnEquals:
                  # 'aws:SourceArn':
                    # Ref: MySNSTopic
        Queues:
          - Ref: MyQueue

  # If you want the queue to subscribe to a certain topic
  QueueSubscription:
      Type: AWS::SNS::Subscription
      Properties:
        TopicArn:
          Ref: MySNSTopic
        Endpoint:
          Fn::GetAtt:
            - MyQueue
            - Arn
        Protocol: sqs
        RawMessageDelivery: true
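
With the `Condition` in the answer's policy left commented out, the statement lets any SNS topic in any account deliver to the queue. As an added example (not part of the original answer), this Python check flags such statements in a queue policy document; the function names are hypothetical and the sample policies and ARNs are constructed placeholders.

```python
import fnmatch

SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount"}  # condition keys that pin the sender

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _sns_can_send(principal):
    """True if the principal is a wildcard or names the SNS service."""
    if principal == "*":
        return True
    if not isinstance(principal, dict):
        return False
    return ("*" in _as_list(principal.get("AWS"))
            or "sns.amazonaws.com" in _as_list(principal.get("Service")))

def _is_scoped(condition):
    """True if a positive operator pins SourceArn/SourceAccount to a non-wildcard value."""
    for operator, keys in (condition or {}).items():
        op = operator.split(":")[-1].lower()  # drop ForAnyValue:/ForAllValues: prefix
        if "not" in op or not op.startswith(("arn", "string")):
            continue
        for key, value in keys.items():
            if key.lower() in SCOPING_KEYS and all(v != "*" for v in _as_list(value)):
                return True
    return False

def unscoped_sns_statements(policy):
    """Return Sids (or indexes) of Allow statements any SNS topic can use to send."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        sends = any(fnmatch.fnmatchcase("sqs:sendmessage", a) for a in actions)
        if (stmt.get("Effect") == "Allow" and sends
                and _sns_can_send(stmt.get("Principal"))
                and not _is_scoped(stmt.get("Condition"))):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

# Constructed sample: the answer's statement as deployed JSON (placeholder ARNs).
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "allow-sns-messages", "Effect": "Allow",
    "Principal": {"Service": "sns.amazonaws.com"}, "Action": "SQS:SendMessage",
    "Resource": "arn:aws:sqs:eu-west-1:123456789012:my-queue"}]}
# The same statement with the answer's commented-out Condition enabled.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [dict(
    OPEN_POLICY["Statement"][0], Condition={"ArnEquals": {
        "aws:SourceArn": "arn:aws:sns:eu-west-1:123456789012:my-topic"}})]}
```

Run it against the rendered policy from the deployed stack or the synthesized template; a `StringEquals` condition on `aws:SourceAccount` also passes, which keeps "any topic in my own account" working without opening the queue to other accounts.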