Search code examples
amazon-web-servicesaws-lambdaaws-cloudformationamazon-sqsamazon-sns

AWS SNS to SQS publish fails using Cloudformation

I've recently started learning and implementing services using AWS services. So, I guess I'm missing some small steps which I can't figure it.

I'm trying to implement the following diagram using the Cloudformation template. Everything is working fine unless. The Lambda and SQS queue are subscribed to the SNS topic successfully. Whenever a file is stored at the bucket, or even when I publish a message to the SNS topic manually, the lambda function is triggered successfully, but the message is not published to the SQS queue. I've also added the AWS::SQS::QueuePolicy to allow SNS to send messages to SQS, but it still does not work.

AWS Architecture

template.yml:

...

Resources:
  S3ObjectPutTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: !Sub ${AppName}-vrp-creation-${Environment}-topic

  BucketToSNSPermission:
    Type: AWS::SNS::TopicPolicy
    ...

  Bucket:
    Type: AWS::S3::Bucket
    ...

  Lambda:
    Type: AWS::Serverless::Function
    ...

  Queue:
    Type: AWS::SQS::Queue
    Properties:
      DelaySeconds: 0
      MaximumMessageSize: 262144
      MessageRetentionPeriod: 864000
      QueueName: !Sub ${AppName}-${Environment}-queue
      ReceiveMessageWaitTimeSeconds: 0
      VisibilityTimeout: 90

  TopicToQueuePermission:
    Type: AWS::SQS::QueuePolicy
    Properties:
      Queues:
        - !Ref Queue
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: s3.amazonaws.com
            Action: sqs:SendMessage
            Resource: !GetAtt Queue.Arn
            Condition:
              ArnEquals:
                aws:SourceArn: !Ref S3ObjectPutTopic

  TopicToQueueSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      Protocol: sqs
      TopicArn: !Ref S3ObjectPutTopic
      Endpoint: !GetAtt Queue.Arn
      RawMessageDelivery: true

The full Cloudformation template.yaml file: template.yaml

Solution

  • You have mentioned Service: s3.amazonaws.com instead of Service: sns.amazonaws.com in your SQS policy. Update the template and try.

    TopicToQueuePermission:
Type: AWS::SQS::QueuePolicy
Properties:
  Queues:
    - !Ref Queue
  PolicyDocument:
    Version: 2012-10-17
    Statement:
      - Effect: Allow
        Principal:
          Service: s3.amazonaws.com
        Action: sqs:SendMessage
        Resource: !GetAtt Queue.Arn
        Condition:
          ArnEquals:
            aws:SourceArn: !Ref S3ObjectPutTopic