def add_lambda_subscription(
self,
function: Function,
delivery_policy: Optional[dict] = None) -> None:
"""Add a lambda subscription endpoint to topic.
:param function: lambda function that will be added as endpoint
:param delivery_policy: The delivery policy to assign to the subscription
"""
sub_params = {
key: val
for key, val in {
"Endpoint": function.arn,
"Protocol": "lambda",
"TopicArn": self.arn,
"DeliveryPolicy": delivery_policy,
}.items()
}
self.optional_resources.extend([
sns.SubscriptionResource(name_to_id(f"{function.name}Sub"),
**sub_params),
function.invoke_permission(name_suffix=self.name,
service="sns",
source_arn=self.arn),
])
def build_template(self, template=None):
if not template:
t = self._init_template()
else:
t = template
topic = t.add_resource(
sns.Topic(
"{}SNSTopic".format(self.stack_name),
TopicName=self.stack_name,
DisplayName=self.stack_name,
))
for s in self.subscriptions:
sub = s.build_subscription(t, topic)
subr = t.add_resource(
sns.SubscriptionResource('{}SNSSubscription'.format(s.name),
Protocol=sub[0],
Endpoint=sub[1],
TopicArn=Ref(topic)))
t.add_output(
[Output('{}SNSSubscription'.format(s.name), Value=Ref(subr))])
t.add_output(
[Output("{}SNSTopic".format(self.stack_name), Value=Ref(topic))])
return t
def add_resources(self):
"""Add resources to template."""
template = self.template
variables = self.get_variables()
template.add_resource(
sns.SubscriptionResource('Subscription',
Protocol=variables['Protocol'].ref,
Endpoint=variables['Endpoint'].ref,
TopicArn=variables['TopicARN'].ref))
def add_lambda_sns_topic_subscription(self, title, topic,
aws_lambda_function):
self.template.add_resource(
sns.SubscriptionResource(title + 'LambdaSubscriptionToTopic',
Protocol='lambda',
TopicArn=topic,
Endpoint=GetAtt(aws_lambda_function,
'Arn')))
self.template.add_resource(
awslambda.Permission(title + 'LambdaSubscriptionToTopicPermission',
FunctionName=Ref(aws_lambda_function),
Action='lambda:InvokeFunction',
Principal='sns.amazonaws.com',
SourceArn=topic))
from stacks.main.resources.lambda_handler import lambda_handler
from stacks.main.resources.bucket_updates_topic import bucket_updates_topic
from troposphere import sns, GetAtt, Ref
bucket_updates_topic_subscription = sns.SubscriptionResource(
"BucketUpdatesTopicSubscription",
Protocol="lambda",
Endpoint=GetAtt(lambda_handler, "Arn"),
TopicArn=Ref(bucket_updates_topic),
)
def createSQSConsumer(name, timeout=5, snsTopic=None):
res = {}
# create queue
res['QueueName'] = name + 'Queue'
queue = t.add_resource(
sqs.Queue(res['QueueName'], VisibilityTimeout=timeout * 2))
queueArn = GetAtt(res['QueueName'], 'Arn')
# create subscription
if (snsTopic):
res['SubscriptionName'] = name + 'Subscription'
subscription = t.add_resource(
sns.SubscriptionResource(
res['SubscriptionName'],
TopicArn=snsTopic,
Endpoint=queueArn,
Protocol='sqs',
RawMessageDelivery='true',
))
t.add_resource(
sqs.QueuePolicy(name + 'AllowSNS2SQSPolicy',
Queues=[queue.Ref()],
PolicyDocument={
"Version":
"2008-10-17",
"Id":
"PublicationPolicy",
"Statement": [{
"Sid": "Allow-SNS-SendMessage",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": ["sqs:SendMessage"],
"Resource": queue.GetAtt("Arn"),
"Condition": {
"ArnEquals": {
"aws:SourceArn": snsTopic
}
}
}]
}))
# create consumer function
res['FunctionName'] = name + 'Consumer'
consumer = t.add_resource(
serverless.Function(
res['FunctionName'],
Runtime=nodeRuntime,
CodeUri=lambdaSrcPath,
Handler=lambdaHandlerPath + name + 'Consumer.handler',
Timeout=timeout,
Events={
'SQSTrigger': {
'Type': 'SQS',
'Properties': {
'Queue': queueArn,
'BatchSize': 10
}
}
},
Policies=[
'arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole',
{
'Version':
'2012-10-17',
'Statement': [{
'Effect':
'Allow',
'Action': [
'sqs:ReceiveMessage',
'sqs:ChangeMessageVisibility', 'sqs:DeleteMessage'
],
'Resource':
GetAtt(res['QueueName'], 'Arn')
}],
}
],
VpcConfig=lambdaVpcConfig,
Environment=awslambda.Environment(None, Variables=lambdaEnvVars),
))
return res
DisplayName='AWS Config Notification Topic'))
config_topic_policy = template.add_resource(
sns.TopicPolicy("ConfigTopicPolicy",
Topics=[Ref(config_topic)],
PolicyDocument=PolicyDocument(Statement=[
Statement(Sid='AWSConfigSNSPolicy',
Action=[awacs.sns.Publish],
Effect=Allow,
Resource=Ref(config_topic),
Principal=config_service_principal)
])))
email_notification = template.add_resource(
sns.SubscriptionResource('EmailNotification',
Endpoint=Ref(notification_email),
Protocol='email',
TopicArn=Ref(config_topic)))
config_recorder_role = template.add_resource(
iam.Role(
'ConfigRecorderRole',
AssumeRolePolicyDocument=PolicyDocument(Statement=[
Statement(Effect=Allow,
Principal=config_service_principal,
Action=[awacs.sts.AssumeRole])
]),
Path='/',
ManagedPolicyArns=[
Sub('arn:${AWS::Partition}:iam::aws:policy/service-role/AWS_ConfigRole'
)
]))
from troposphere import (
Ref,
sns,
)
sns_topic = sns.Topic("SNSTopic", )
subscription = sns.SubscriptionResource('SNSTopicSubscription',
Protocol='email',
Endpoint='*****@*****.**',
TopicArn=Ref(sns_topic))
from troposphere import (
Ref,
sns,
)
# ============================================================================
# SNS
# ============================================================================
sns_topic = sns.Topic("SNSTopic", )
subscription = sns.SubscriptionResource('SNSTopicSubscription',
Protocol='email',
Endpoint='*****@*****.**',
TopicArn=Ref(sns_topic))