
aws.sns-topic-subscription resource

Description

TopicSubscription manages a single subscription of an endpoint to an SNS topic. The protocol, endpoint, and topic ARN are fixed at subscribe time, so a change to any of them replaces the subscription; the policy and delivery attributes change in place. On create, every attribute that is set is sent inline with the Subscribe call; on update, each changed attribute is reconciled with its own SetSubscriptionAttributes call.

Some protocols confirm out of band: SNS returns the subscription as pending and the real ARN is not known until the endpoint owner confirms. The auto-confirming protocols (sqs, lambda, firehose, application, sms, and http/https when the endpoint confirms itself) settle near-instantly, so the resource waits for confirmation and reads back the settled ARN; email, email-json, and unconfirmed http/https skip the wait and keep the ARN Subscribe returns. endpoint-auto-confirms and confirmation-timeout-in-minutes only steer that wait and are not SNS attributes.

Source: internal/service/sns/topic_subscription_rsrc.go:72

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.sns-topic-subscription {
    # Set input fields here.
  }
}

Inputs

protocol

string

required

topic-arn

string

required

endpoint

optional(string)

raw-message-delivery

optional(boolean)

filter-policy

optional(string)

filter-policy-scope

optional(string)

redrive-policy

optional(string)

delivery-policy

optional(string)

replay-policy

optional(string)

subscription-role-arn

optional(string)

endpoint-auto-confirms

optional(boolean)

confirmation-timeout-in-minutes

optional(integer)

Input Constraints

Protocol rules

protocol must be one of application, email, email-json, firehose, http, https, lambda, sms, or sqs.

Rule logic
Require
input.protocol == 'application'
|| input.protocol == 'email'
|| input.protocol == 'email-json'
|| input.protocol == 'firehose'
|| input.protocol == 'http'
|| input.protocol == 'https'
|| input.protocol == 'lambda'
|| input.protocol == 'sms'
|| input.protocol == 'sqs'

subscription-role-arn is required when protocol is firehose.

Rule logic
When
input.protocol == 'firehose'
Require
input.subscription-role-arn != null

Filter policy scope rules

filter-policy-scope must be MessageAttributes or MessageBody.

Rule logic
When
input.filter-policy-scope != null
Require
input.filter-policy-scope == 'MessageAttributes'
|| input.filter-policy-scope == 'MessageBody'

Field combinations

Required together: filter-policy-scope and filter-policy.
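
The constraints above and the confirmation wait from the description, as a pre-flight check in Go. This is an added example, not the library's own code: `Inputs`, `Violations`, `WaitsForConfirmation` and `ptr` are hypothetical names. It assumes that "required together" means both set or both unset, and that endpoint-auto-confirms is the input that marks an http/https endpoint as confirming itself.

```go
package main

import "fmt"

// Inputs is a hypothetical struct mirroring this page's input names; nil means unset.
type Inputs struct {
	Protocol             string
	SubscriptionRoleARN  *string
	FilterPolicy         *string
	FilterPolicyScope    *string
	EndpointAutoConfirms *bool
}

var protocols = map[string]bool{"application": true, "email": true, "email-json": true,
	"firehose": true, "http": true, "https": true, "lambda": true, "sms": true, "sqs": true}

func ptr[T any](v T) *T { return &v }

// Violations returns one message per input constraint that the inputs break.
func Violations(in Inputs) []string {
	var v []string
	if !protocols[in.Protocol] {
		v = append(v, fmt.Sprintf("protocol %q is not an accepted value", in.Protocol))
	}
	if in.Protocol == "firehose" && in.SubscriptionRoleARN == nil {
		v = append(v, "subscription-role-arn is required when protocol is firehose")
	}
	if s := in.FilterPolicyScope; s != nil && *s != "MessageAttributes" && *s != "MessageBody" {
		v = append(v, "filter-policy-scope must be MessageAttributes or MessageBody")
	}
	// Assumption: "required together" means both set or both unset.
	if (in.FilterPolicy == nil) != (in.FilterPolicyScope == nil) {
		v = append(v, "filter-policy-scope and filter-policy must be set together")
	}
	return v
}

// WaitsForConfirmation: assumed mapping of the description's wait rule onto the inputs.
func WaitsForConfirmation(in Inputs) bool {
	switch in.Protocol {
	case "sqs", "lambda", "firehose", "application", "sms":
		return true
	case "http", "https":
		return in.EndpointAutoConfirms != nil && *in.EndpointAutoConfirms
	}
	return false // email and email-json keep the ARN that Subscribe returns
}
func main() {
	in := Inputs{Protocol: "firehose", FilterPolicyScope: ptr("MessageBody")} // constructed sample
	fmt.Println(Violations(in), WaitsForConfirmation(in))
}
```

A subscription for which `WaitsForConfirmation` is false can stay in the pending state, so the pending-confirmation output is the value to check after apply.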

Outputs

arn

string

owner

string

pending-confirmation

boolean

filter-policy-scope

string