Description
Déjà-vu. I had this issue already in #4298, but this time I'm using a Lambda which should subscribe to an SNS topic in a different region. This also results in CloudFormation giving me an `Invalid parameter: TopicArn` error.
This is also discussed here: serverless/serverless#3676
Use Case
Unfortunately there are quite a few use cases, since AWS provides some of its "own" topics that users can subscribe to in order to get updates about new AMIs, bounces or, in my case, new IP address ranges.
```typescript
import { Function, Runtime, AssetCode } from '@aws-cdk/aws-lambda';
import { SnsEventSource } from '@aws-cdk/aws-lambda-event-sources';
import { Topic } from '@aws-cdk/aws-sns';
import { PolicyStatement } from '@aws-cdk/aws-iam';
import { RetentionDays } from '@aws-cdk/aws-logs';

// Import the AWS-owned topic by ARN. It lives in us-east-1, which is not the
// region of the stack that deploys this function.
const amazonIpSpaceChangedTopic = Topic.fromTopicArn(this, 'AmazonIpSpaceChangedTopic', 'arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged')

const amazonIpSpaceChangedFunction = new Function(this, 'AmazonIpSpaceChangedFunction', {
  runtime: Runtime.PYTHON_3_8,
  code: AssetCode.fromAsset('app/lambda/'),
  handler: 'update_security_groups.lambda_handler',
  vpc: vpc, // `vpc` is an ec2.IVpc defined elsewhere in the stack
  logRetention: RetentionDays.TWO_WEEKS,
  allowAllOutbound: true,
})

// Creates the AWS::SNS::Subscription that CloudFormation rejects with
// "Invalid parameter: TopicArn" because the topic is in another region.
amazonIpSpaceChangedFunction.addEventSource(new SnsEventSource(amazonIpSpaceChangedTopic))

// Permissions the sample Lambda needs to rewrite security group rules.
// Note that addResources('*') grants these actions on every security group.
const statement = new PolicyStatement()
statement.addActions('lambda:InvokeFunction')
statement.addActions('ec2:DescribeSecurityGroups')
statement.addActions('ec2:AuthorizeSecurityGroupIngress')
statement.addActions('ec2:RevokeSecurityGroupIngress')
statement.addResources('*')
amazonIpSpaceChangedFunction.addToRolePolicy(statement)
```

Just FYI, it's using this Lambda function: https://github.com/aws-samples/aws-cloudfront-samples/tree/master/update_security_groups_lambda
But the problem can't be solved within this lambda. It's the lambda making the connection to the SNS topic.
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change
This is a 🚀 Feature Request
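As an added example that is not part of the original issue or of the CDK project's code: a small TypeScript helper that parses the topic ARN at synth time and builds the `AWS::SNS::Subscription` properties for a Lambda endpoint, setting the subscription's `Region` property whenever the topic lives outside the stack's region (the cross-region case that CloudFormation otherwise rejects), and failing early on a malformed or non-SNS ARN instead of at deploy time. The topic ARN is the AmazonIpSpaceChanged ARN from the issue; the stack region, Lambda ARN and account 123456789012 are constructed sample values.

```typescript
// Added example (not from the issue or the CDK code base).
interface ParsedArn {
  partition: string;
  service: string;
  region: string;
  account: string;
  resource: string;
}

// Split an ARN of the form arn:partition:service:region:account:resource.
// The resource part may itself contain ':' (e.g. "function:Name"), so it is re-joined.
function parseArn(arn: string): ParsedArn {
  const parts = arn.split(':');
  if (parts.length < 6 || parts[0] !== 'arn') {
    throw new Error(`not an ARN: ${arn}`);
  }
  const [, partition, service, region, account, ...rest] = parts;
  return { partition, service, region, account, resource: rest.join(':') };
}

// Properties of an AWS::SNS::Subscription resource for a Lambda endpoint.
interface SubscriptionProps {
  TopicArn: string;
  Protocol: 'lambda';
  Endpoint: string;
  Region?: string;
}

// Build the subscription a stack deployed in `stackRegion` needs in order to
// subscribe `functionArn` to `topicArn`. For a topic in another region the
// Region property must name the topic's region; it is left unset otherwise.
function buildLambdaSubscription(stackRegion: string, topicArn: string, functionArn: string): SubscriptionProps {
  const topic = parseArn(topicArn);
  if (topic.service !== 'sns') {
    throw new Error(`expected an SNS topic ARN, got service '${topic.service}' in ${topicArn}`);
  }
  const props: SubscriptionProps = { TopicArn: topicArn, Protocol: 'lambda', Endpoint: functionArn };
  if (topic.region !== stackRegion) {
    props.Region = topic.region;
  }
  return props;
}

// Constructed sample: the issue's topic (us-east-1) consumed by a stack in eu-central-1.
const sampleTopicArn = 'arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged';
const sampleFunctionArn = 'arn:aws:lambda:eu-central-1:123456789012:function:AmazonIpSpaceChangedFunction';
console.log(JSON.stringify(buildLambdaSubscription('eu-central-1', sampleTopicArn, sampleFunctionArn)));
```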