I have problems assigning my SQS queue the correct policy so that any SNS topic can send a message to it whenever this queue gets subscribed to it. I tried to use UpdatePolicy and Metadata in serverless without any effect:
resources:
  Resources:
    DevNull:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:custom.serviceName}-${self:provider.stage}-dev-null-queue
      UpdatePolicy:
        policy:
          statement:
            - Effect: Allow
              Principal:
                Service: sns.amazonaws.com
              Action: sqs:SendMessage
              Resource: '*'
      Metadata:
        AWS::CloudFormation::CustomResource:
          policyStatements:
            - Effect: Allow
              Principal:
                Service: sns.amazonaws.com
              Action:
                - 'sqs:SendMessage'
              Resource: '*'
I also cannot see any changes in the "Access policy (Permissions)" tab in the AWS console after deployment. I subscribed an email address to double-check whether the messages are sent, and I get them all via email, but there are none in SQS.
I found a SAM template which does what I need, but I have no idea how to write this with the Serverless Framework, and I cannot find any documentation on this.
You need a QueuePolicy that allows SNS to send a message to the queue. This is an example from one of my projects, hope it helps :)
Resources:
  MyQueue:
    Type: AWS::SQS::Queue
    Properties:
      RedrivePolicy:
        deadLetterTargetArn:
          Fn::GetAtt:
            - MyQueueDLQ
            - Arn
        maxReceiveCount: 5
  MyQueueDLQ:
    Type: AWS::SQS::Queue
  SNSTopicToMyQueuePolicy:
    Type: AWS::SQS::QueuePolicy
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: 'allow-sns-messages'
            Effect: Allow
            Principal:
              Service: 'sns.amazonaws.com'
            Resource:
              Fn::GetAtt:
                - MyQueue
                - Arn
            Action: 'SQS:SendMessage'
            # COMMENT THIS IN IF YOU WANT IT TO ONLY ALLOW A CERTAIN SNS TOPIC
            # Condition:
            #   ArnEquals:
            #     'aws:SourceArn':
            #       Ref: MySNSTopic
      Queues:
        - Ref: MyQueue
  # If you want the queue to subscribe to a certain topic
  # (MySNSTopic is an AWS::SNS::Topic defined elsewhere in the template)
  QueueSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      TopicArn:
        Ref: MySNSTopic
      Endpoint:
        Fn::GetAtt:
          - MyQueue
          - Arn
      Protocol: sqs
      RawMessageDelivery: true
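As an added example (not the asker's or the answerer's own template), here is how the same pieces fit into a serverless.yml: the topic, the queue, the queue policy, and the subscription in one resources block. It goes one step beyond the answer by enabling the Condition: with `Principal: Service: sns.amazonaws.com` and no `aws:SourceArn` condition, the statement matches every SNS topic in every AWS account, so a topic owned by someone else could deliver into this queue. The `ArnLike` pattern below allows any topic in the deploying account and region (which is what the question asks for) while still rejecting foreign topics; the commented `ArnEquals` form pins it to a single topic. The service name and the resource names (`DevNullTopic`, `DevNullQueue`, `DevNullQueuePolicy`, `DevNullSubscription`) are placeholders. `Fn::Join` with `Ref: AWS::Region` / `Ref: AWS::AccountId` is used instead of `Fn::Sub` so that no `${...}` string collides with Serverless Framework's own variable syntax.

```yaml
# serverless.yml (added example; names are placeholders)
service: my-service

provider:
  name: aws
  runtime: nodejs18.x
  stage: dev

resources:
  Resources:
    # The topic whose messages should land in the queue.
    DevNullTopic:
      Type: AWS::SNS::Topic

    DevNullQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: ${self:service}-${self:provider.stage}-dev-null-queue

    # Resource-based policy on the queue. This is what shows up in the
    # console's "Access policy (Permissions)" tab after deployment.
    DevNullQueuePolicy:
      Type: AWS::SQS::QueuePolicy
      Properties:
        Queues:
          # Ref on an AWS::SQS::Queue returns the queue URL, which QueuePolicy expects.
          - Ref: DevNullQueue
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Sid: allow-sns-topics-in-this-account
              Effect: Allow
              Principal:
                Service: sns.amazonaws.com
              Action: sqs:SendMessage
              Resource:
                Fn::GetAtt: [DevNullQueue, Arn]
              Condition:
                # Any topic in this account and region may deliver; topics in
                # other accounts are rejected even though the principal matches.
                ArnLike:
                  aws:SourceArn:
                    Fn::Join:
                      - ''
                      - - 'arn:'
                        - Ref: AWS::Partition
                        - ':sns:'
                        - Ref: AWS::Region
                        - ':'
                        - Ref: AWS::AccountId
                        - ':*'
                # To allow exactly one topic instead, replace the ArnLike block with:
                # ArnEquals:
                #   aws:SourceArn:
                #     Ref: DevNullTopic

    # Subscribe the queue to the topic. With the policy above, this works
    # without adding anything to the topic's own policy.
    DevNullSubscription:
      Type: AWS::SNS::Subscription
      Properties:
        TopicArn:
          # Ref on an AWS::SNS::Topic returns the topic ARN.
          Ref: DevNullTopic
        Protocol: sqs
        Endpoint:
          Fn::GetAtt: [DevNullQueue, Arn]
        RawMessageDelivery: true
```

After `serverless deploy`, open the queue in the SQS console and confirm that the `allow-sns-topics-in-this-account` statement appears under the access policy; if it is missing, the QueuePolicy resource was not created and SNS deliveries will silently fail, which is exactly the symptom in the question (email subscribers receive the message, the queue does not).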