weekly misc items: November 16, 2020

diary of a codelovingyogi
Sep 5, 2022

1. i was updating a stack in aws cloudformation and got a CREATE_FAILED with this error:
Invalid parameter: TopicArn (Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter; Request ID: <request-id>; Proxy: null)

learned that providing the wrong topic ARN in the subscription causes this error.

we are using python’s troposphere library to help build cloudformation templates. i was trying to create a new queue and subscribe it to a topic. we have our own code that wraps the troposphere functionality, but essentially, using troposphere’s Template, we did something like this:

from troposphere import Template
from troposphere.sns import Topic, SubscriptionResource
from troposphere.sqs import Queue

template = Template()

# create the topic
jbhunt_topic = template.add_resource(
    Topic(
        'GatewayTopic',
        TopicName=<troposphere-join-object>,  # resource display name
        Tags=<dict-for-tags>,
    )
)

and the queue:

# create the queue (a Queue takes QueueName, not TopicName)
jbhunt_topic_queue = template.add_resource(
    Queue(
        'JbhuntSfQueue',
        QueueName=<troposphere-join-object>,  # resource display name
        Tags=<dict-for-tags>,
    )
)

i had the wrong topic arn here:

# create the subscription
template.add_resource(
    SubscriptionResource(
        title='JbhuntSfQueueSubscription',
        Protocol='sqs',
        Endpoint=jbhunt_topic_queue.get_att('Arn'),  # GetAtt on the queue gives its ARN
        TopicArn=<topic-arn>,  # this was the wrong ARN; Ref on an SNS Topic resource (jbhunt_topic.ref()) returns its ARN
    )
)

2. trying to create an event notification for a prefix in s3, where messages will get sent to sqs. i try to specify the destination using Choose from your SQS queues

but i get this error:

Unable to validate the following destination configurations

turns out i need to add an access policy in the queue properties that allows the s3 service principal to send to this queue:

{
  "Version": "2012-10-17",
  "Id": "arn:aws:sqs:<region>:<account_id>:<queue-name>/SQSDefaultPolicy",
  "Statement": [
    {
      "Sid": "<sid-id>",
      "Effect": "Allow",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Action": [
        "SQS:SendMessage",
        "SQS:ReceiveMessage",
        "SQS:GetQueueUrl",
        "SQS:GetQueueAttributes",
        "SQS:ListDeadLetterSourceQueues"
      ],
      "Resource": "arn:aws:sqs:<region>:<account_id>:<queue-name>",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:s3:*:*:<bucket name>"
        }
      }
    }
  ]
}

there is a policy generator, the AWS Policy Generator, that you can use to help write this.
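As an added example (not the post's or troposphere's own code), here is the same stack from items 1 and 2 expressed as plain CloudFormation JSON, with a small pre-deploy lint that catches the two mistakes above: a subscription whose TopicArn is not a Ref to a topic in the template, and a queue policy that lets s3.amazonaws.com send without an aws:SourceArn condition. Logical names come from the post; the bucket name is a constructed placeholder, and the policy is narrowed to SQS:SendMessage, which is all S3 event delivery needs.

```python
def build_template(bucket_name: str) -> dict:
    """Topic, queue, subscription and the queue policy S3 needs to deliver notifications."""
    queue_arn = {"Fn::GetAtt": ["JbhuntSfQueue", "Arn"]}
    s3_statement = {
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "SQS:SendMessage",  # delivery only needs SendMessage, not the console's wide list
        "Resource": queue_arn,
        # scope to the one bucket so no other bucket (or account) can publish into this queue
        "Condition": {"ArnLike": {"aws:SourceArn": f"arn:aws:s3:::{bucket_name}"}},
    }
    return {"Resources": {
        "GatewayTopic": {"Type": "AWS::SNS::Topic"},
        "JbhuntSfQueue": {"Type": "AWS::SQS::Queue"},
        "JbhuntSfQueueSubscription": {"Type": "AWS::SNS::Subscription", "Properties": {
            "Protocol": "sqs", "Endpoint": queue_arn,
            # Ref on an AWS::SNS::Topic returns its ARN: no hand-typed ARN to get wrong
            "TopicArn": {"Ref": "GatewayTopic"}}},
        "JbhuntSfQueuePolicy": {"Type": "AWS::SQS::QueuePolicy", "Properties": {
            "Queues": [{"Ref": "JbhuntSfQueue"}],
            "PolicyDocument": {"Version": "2012-10-17", "Statement": [s3_statement]}}},
    }}


def lint(template: dict) -> list:
    """Pre-deploy checks for the two mistakes in the post: a subscription whose TopicArn
    is not a Ref to a topic in this template, and an S3 statement with no aws:SourceArn."""
    resources = template["Resources"]
    topics = {n for n, r in resources.items() if r["Type"] == "AWS::SNS::Topic"}
    problems = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::SNS::Subscription":
            arn = props.get("TopicArn")
            if not (isinstance(arn, dict) and arn.get("Ref") in topics):
                problems.append(f"{name}: TopicArn is not a Ref to a topic in this template")
        elif res["Type"] == "AWS::SQS::QueuePolicy":
            for st in props["PolicyDocument"]["Statement"]:
                is_s3 = st.get("Principal", {}).get("Service") == "s3.amazonaws.com"
                if is_s3 and "aws:SourceArn" not in st.get("Condition", {}).get("ArnLike", {}):
                    problems.append(f"{name}: S3 statement lacks an aws:SourceArn condition")
    return problems
```

Running lint over the template before `aws cloudformation deploy` turns the CREATE_FAILED from item 1 into a local error, and flags a queue any bucket in any account could write to.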
