AWS Lambda calling two different SNS topics mixes up account IDs


I have the following SAM template for a Lambda that would call two SNS FIFO topics:

Resources:
  MainFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: core.lambda_function.lambda_handler
      Policies:
        - SNSPublishMessagePolicy:
            TopicName: !Select [ 5, !Split [ ":", !Ref SNSTopicARN ] ]
        - SNSPublishMessagePolicy:
            TopicName: !Select [ 5, !Split [ ":", !Ref SNSTopicARN2 ] ]

But when SNSTopicARN and SNSTopicARN2 have ARNs with different account IDs it creates the wrong resource; for example, for SNSTopic2 something like this is created:

{
    "Statement": [
        {
            "Action": [
                "sns:Publish"
            ],
            "Resource": "arn:aws:sns:us-east-1:idAccountFromSNS1:SNS2.fifo",
            "Effect": "Allow"
        }
    ]
}

So the IDs would be mixed up. Is there some way to specify the ARN in SNSPublishMessagePolicy, or another approach to avoid this?

erik258 (accepted answer):

From https://repost.aws/knowledge-center/lambda-sam-template-permissions:

For the Policies property, enter any combination of the following:

  • The name of an AWS managed policy
  • The name of an AWS SAM policy template
  • An inline policy document

So you should be able to add something to the policies that looks like this:

      Policies:
      - Statement:
        - Sid: PublishToSNS
          Effect: Allow
          Action:
          - sns:Publish
          Resource:
          - !Ref SNSTopicARN
          - !Ref SNSTopicARN2
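As an added example (not code from the question or the answer), the following Python mirrors how SAM's SNSPublishMessagePolicy template rebuilds the resource ARN from the deploying account's region and account ID, compares it with the inline statement above, and reports which intended topic ARNs each policy fails to cover. The account IDs and topic ARNs are constructed, and the partition is assumed to be "aws".

```python
# Added example (not from the question or answer): mirrors how SAM expands
# the SNSPublishMessagePolicy template versus an explicit inline statement,
# then checks which policy actually grants access to the intended topic ARNs.
# Constructed sample ARNs; the deploying account is assumed to be 111111111111.

DEPLOY_REGION = "us-east-1"
DEPLOY_ACCOUNT = "111111111111"  # account the Lambda is deployed into

# Constructed topic ARNs in two different accounts.
SNS_TOPIC_ARN = "arn:aws:sns:us-east-1:111111111111:SNS1.fifo"
SNS_TOPIC_ARN2 = "arn:aws:sns:us-east-1:222222222222:SNS2.fifo"


def topic_name(arn: str) -> str:
    """Same as !Select [5, !Split [":", arn]] in the SAM template."""
    return arn.split(":")[5]


def sns_publish_message_policy(name: str) -> dict:
    """What the SNSPublishMessagePolicy template renders to: the resource is
    rebuilt from the deploying account's region and account id, so only the
    topic name survives from the original ARN."""
    return {
        "Effect": "Allow",
        "Action": ["sns:Publish"],
        "Resource": f"arn:aws:sns:{DEPLOY_REGION}:{DEPLOY_ACCOUNT}:{name}",
    }


def inline_publish_policy(arns: list) -> dict:
    """The inline statement from the answer: exact ARNs, no rewriting."""
    return {"Effect": "Allow", "Action": ["sns:Publish"], "Resource": list(arns)}


def uncovered_topics(statements: list, intended: list) -> list:
    """Intended topic ARNs that no statement grants sns:Publish on."""
    granted = set()
    for st in statements:
        res = st["Resource"]
        granted.update([res] if isinstance(res, str) else res)
    return [arn for arn in intended if arn not in granted]


if __name__ == "__main__":
    intended = [SNS_TOPIC_ARN, SNS_TOPIC_ARN2]
    templated = [sns_publish_message_policy(topic_name(a)) for a in intended]
    print("SNSPublishMessagePolicy misses:", uncovered_topics(templated, intended))
    inline = [inline_publish_policy(intended)]
    print("inline statement misses:", uncovered_topics(inline, intended))
```

For the topic in the other account, the Lambda's execution role permission is only half of the grant: the topic's own access policy in that account must also allow the role to publish.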