CloudFormation: Cannot create policy for SNS topic on AWS using serverless framework


Tag : amazon-web-services , By : Verbal
Date : January 12 2021, 09:11 PM

It looks like you're mixing JSON and YAML syntax for the Ref. Also, just to be safe, you should put quotes around your version as shown below.
Your policy should look more like this:
 SNSAddTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
        PolicyDocument:
          Id: 'accounts-sns-add-policy-dev'
          Version: '2012-10-17'
          Statement:
            Sid: 'accounts-sns-add-statement-dev'
            Effect: Allow
            # this probably needs to be narrowed down
            Principal:
              AWS: '*'
            Action: sns:Publish
            Resource: !Ref BucketAddEventInterfaceSNSTopic
        Topics:
          - !Ref BucketAddEventInterfaceSNSTopic

Is it possible to create a SNS subscription with CloudFormation without creating a topic?


Tag : amazon-web-services , By : HokieGeek
Date : March 29 2020, 07:55 AM
As you already discovered, AWS CloudFormation doesn't provide the expected AWS::SNS::Subscription resource (yet), and I'm not aware of this being possible by any other means, unfortunately. I guess the rationale is that both are either managed within a template or externally, but your use case is sound and I can see no fundamental reason why this shouldn't be available (maybe they'll add it at some point; AWS is usually expanding their APIs over time to address such inconsistencies/omissions).

create AWS IAM Policy using cloudformation


Tag : amazon-web-services , By : cheese_doodle
Date : March 29 2020, 07:55 AM
I managed to get your code snippet to work by referring to the Name of a role rather than the ARN.
As per the AWS::IAM::Policy documentation:

Create a CloudFormation only AWS policy


Tag : amazon-web-services , By : Rob
Date : March 29 2020, 07:55 AM
The easiest way to achieve what you're looking to do would be to create a CloudFormation Service role, grant your users the ability to pass this role to CloudFormation, and let them perform CloudFormation Creates, Updates, etc.
I've created a CloudFormation template with starting point roles and groups with policies that should do what you're looking for.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  CloudFormationServiceRole:
    # This Role will actually do all of the heavy lifting and resource
    # creation
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: Allow
            Principal:
              Service:
                - cloudformation.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        -
          PolicyName: CloudformationAccess
          PolicyDocument:
            # This policy defines what the users can actually do
            # with CloudFormation. Action "*" on Resource "*" gives the
            # service role full access; scope it down for real use.
            Version: "2012-10-17"
            Statement:
              -
                Effect: Allow
                Action: "*"
                Resource: "*"
  UsersGroup:
    # The users will use the role, but do nothing themselves
    Type: AWS::IAM::Group
    Properties:
      Policies:
        -
          PolicyName: UsersCloudformationAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - 
                Effect: Allow
                Action:
                  - cloudformation:*
                Resource: "*"
              -
                Effect: Allow
                Action:
                  - iam:GetRole
                  - iam:PassRole
                Resource: !GetAtt CloudFormationServiceRole.Arn

Cannot create SQS subscription to an SNS topic through Cloudformation in LocalStack


Tag : development , By : Alecsandru Soare
Date : March 29 2020, 07:55 AM
This has now been fixed: https://github.com/localstack/localstack/issues/1191
Although TopicArn and Endpoint still need to be hard-coded.

CloudFormation - not able to create SQS Policy


Tag : amazon-web-services , By : snapshooter
Date : March 29 2020, 07:55 AM
From AWS::SQS::QueuePolicy - AWS CloudFormation:
{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "MySQS": {
            "Type": "AWS::SQS::Queue",
            "Properties": {
                "QueueName": "QueueName1"
            }
        },
        "MySQSPolicy": {
            "Type": "AWS::SQS::QueuePolicy",
            "Properties": {
                "Queues": [
                    {
                        "Ref": "MySQS"   <--- Changed
                    }
                ],
                "PolicyDocument": {
                    "Id": "QueuePolicy",
                    "Version": "2012-10-17",   <--- Added
                    "Statement": [
                        {
                            "Action": [
                                "sqs:SendMessage"
                            ],
                            "Effect": "Allow",
                            "Resource": {           <--- Added
                                "Fn::GetAtt": [
                                    "MySQS",
                                    "Arn"
                                ]
                            },
                            "Principal": {
                                "AWS": [
                                    "*"      <--- See note below
                                ]
                            }
                        }
                    ]
                }
            }
        }
    }
}
            "Principal" : {
               "AWS" : "arn:aws:iam::123456789012:user/myapp"
            },
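
An added example, not part of any answer above: both the SNS topic policy and the SQS queue policy on this page allow "*" as the principal, which the answers themselves mark as something to narrow. The check below reports Allow statements with a wildcard principal and no Condition; the function names are hypothetical and the sample template is constructed from the page's snippets in JSON form.

```python
POLICY_TYPES = {"AWS::SNS::TopicPolicy", "AWS::SQS::QueuePolicy"}

def _as_list(value):
    # IAM JSON accepts either a single item or a list in most places.
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    # Matches Principal: "*" and {"AWS": "*"} / {"AWS": ["*"]} forms.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def open_statements(template):
    """Return (logical_id, sid) for each Allow statement that has a
    wildcard principal and no Condition to restrict the caller."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") not in POLICY_TYPES:
            continue
        doc = res.get("Properties", {}).get("PolicyDocument", {})
        for stmt in _as_list(doc.get("Statement", [])):
            if (stmt.get("Effect") == "Allow"
                    and _is_wildcard(stmt.get("Principal"))
                    and not stmt.get("Condition")):
                findings.append((logical_id, stmt.get("Sid", "<no Sid>")))
    return findings

def _queue_policy(principal):
    # Constructed helper: the page's QueuePolicy with a chosen principal.
    return {"Type": "AWS::SQS::QueuePolicy", "Properties": {
        "Queues": [{"Ref": "MySQS"}],
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Action": ["sqs:SendMessage"],
            "Resource": {"Fn::GetAtt": ["MySQS", "Arn"]},
            "Principal": principal}]}}}

# Constructed sample template, JSON form of the snippets on this page.
SAMPLE = {"Resources": {
    "SNSAddTopicPolicy": {"Type": "AWS::SNS::TopicPolicy", "Properties": {
        "Topics": [{"Ref": "BucketAddEventInterfaceSNSTopic"}],
        "PolicyDocument": {"Version": "2012-10-17", "Statement": {
            "Sid": "accounts-sns-add-statement-dev", "Effect": "Allow",
            "Principal": {"AWS": "*"}, "Action": "sns:Publish",
            "Resource": {"Ref": "BucketAddEventInterfaceSNSTopic"}}}}},
    "MySQSPolicy": _queue_policy({"AWS": ["*"]}),
    "NarrowedPolicy": _queue_policy({"AWS": "arn:aws:iam::123456789012:user/myapp"}),
}}
print(open_statements(SAMPLE))
```

The narrowed queue policy is not reported, and a wildcard statement that carries a Condition is skipped because the Condition may already restrict the caller; review those by hand.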