Serverless-application-model: SNSPublishMessagePolicy create wrong Resource in policy document

Created on 20 Dec 2017  路  3Comments  路  Source: aws/serverless-application-model

When I use SNSPublishMessagePolicy in serverless function, SAM create wrong resurce with doubled region and id part

{
    "Statement": [
        {
            "Action": [
                "sns:Publish"
            ],
            "Resource": "arn:aws:sns:eu-central-1:705967961274:arn:aws:sns:eu-central-1:705967961274:ExampleTopic",
            "Effect": "Allow"
        }
    ]
}

the correct format should be "Resource": "arn:aws:sns:eu-central-1:705967961274:ExampleTopic"

arepolicy-templates typquestion
Source
picture polovi

Most helpful comment

Actually the !Ref returns the topic ARN. should !GetAtt ExampleTopic.TopicName instead of !Ref ExampleTopic

See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sns-topic.html#w2ab2c21c10d985c11

picture sanathkr on 8 Jan 2018
👍4

All 3 comments

Can you also paste the input SAM template snippet? It will help understand the problem better..

sanathkr picture sanathkr on 20 Dec 2017 
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  Stage:
    Type: String
  BuildBucketName:
    Type: String
  BuildObjectKey:
    Type: String
  ServiceName:
    Type: String

Globals:
  Function:
    Runtime: nodejs6.10
    MemorySize: 128
    Environment:
      Variables:
        ENVIRONMENT: !Ref Stage
        REGION: !Ref AWS::Region
    Tags:
      ServiceName: !Ref ServiceName
      Stage: !Ref Stage

Resources:
  ExampleFunction:
    Type: AWS::Serverless::Function
    Properties:
      Description: Desc
      Handler: example.handler
      Tracing: Active
      Policies:
        - DynamoDBCrudPolicy:
            TableName: !Ref ExampleTable
        - AWSXrayWriteOnlyAccess
        - SNSPublishMessagePolicy:
            TopicName: !Ref ExampleTopic
      CodeUri:
        Bucket: !Ref BuildBucketName
        Key: !Ref BuildObjectKey
      Environment:
        Variables:
          TABLE_NAME: !Ref ExampleTable
          TOPIC: !Ref ExampleTopic

 ExampleTable:
    Type: AWS::DynamoDB::Table
    Properties:
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
        - AttributeName: id
          KeyType: HASH
      ProvisionedThroughput:
        ReadCapacityUnits: 1
        WriteCapacityUnits: 1
      Tags:
        - Key: ServiceName
          Value: !Ref ServiceName
        - Key: Stage
          Value: !Ref Stage

  ExampleTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: 'ExampleTopic'
polovi picture polovi on 20 Dec 2017

Actually the !Ref returns the topic ARN. should !GetAtt ExampleTopic.TopicName instead of !Ref ExampleTopic

See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sns-topic.html#w2ab2c21c10d985c11

sanathkr picture sanathkr on 8 Jan 2018
👍4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

PMudra picture PMudra  路  4Comments
yan12125 picture yan12125  路  3Comments
rhboyd picture rhboyd  路  3Comments
jiravani picture jiravani  路  3Comments
MaxVynohradov picture MaxVynohradov  路  3Comments