cross account aws sns subscriptions


Tristan Hill

Feb 16, 2017, 3:16:48 PM
to Terraform
Hi,
I've found quite detailed documentation covering cross-account SNS subscriptions at https://www.terraform.io/docs/providers/aws/r/sns_topic_subscription.html and a bug referencing it at https://github.com/hashicorp/terraform/issues/5973, but I'm still having issues.

I've turned on debug output and can see the subscribe works (using a Role in the SQS subscriber account), but after the subscribe Terraform does a GetSubscriptionAttributes, which gets a forbidden error. It would seem that for that call to work, Terraform would need to use the SNS account role, as the SQS only has permission to actions = ["SNS:Subscribe", "SNS:Receive"] via the policy on the topic and nothing for the SubscriptionArn. Am I missing something?

Thanks
Tristan