We are working on SNS to HTTPS API integration between 2 teams. So, another team has SNS topic configured in us-east-1 region and our HTTPS API is running in us-west-2 region.
Just wanted to check if we can process SNS messages generated from us-east-1 and a different AWS account in us-west-2 region.
I read somewhere (can't remember the blog post link now), that if SNS messages are generated in us-east-1, they have to be processed in us-east-1 only. If we try to process in us-east-2, message signature verification will fail and throws an invalid TopicArn exception.
Please guide if this is correct.
So, another team has SNS topic configured in us-east-1 region and our HTTPS API is running in us-west-2 region.
When SNS is publishing to an HTTPS endpoint, the endpoint can be anywhere on the Internet. It doesn't even need to be in AWS at all. As long as your HTTPS endpoint is accessible from the Internet and has a valid SSL certificate (matches the hostname, not expired, signed by an accredited certificate authority, not self-signed), that is all SNS will require.
The destination region and destination AWS account lose all meaningfulness in such a setup. There is no constraint, here.
If the topic is in us-east-1 then all requests sent to SNS must be sent to the us-east-1 endpoint (e.g. Subscribe or Publish) but even then, they can be sent from anywhere on the Internet.