Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

SNS Topic Policy can't be created and synth'd

See original GitHub issue

❓ General Issue

When creating an SNS TopicPolicy the Props only have topics as a field. However, there also needs to be a PolicyDocument field and without it an error occurs during synth. There doesn’t appear to be any way to set it, either through the Props in the constructor or after the fact.

The Question

With this minimum example:

const topic = new Topic(this, 'topic', {});
const tp = new TopicPolicy(this, 'tp', {
    topics: [topic],
});

An error occurs during synth:

Error: Resolution error: Supplied properties not correct for "CfnTopicPolicyProps"
  policyDocument: required but missing.

Environment

CDK CLI Version: 1.38.0 (build d5fa31f)
Module Version: 1.38.0
OS: Mac OS 10.15.4
Language: Typescript

Other information

Issue Analytics

State:
Created 3 years ago
Reactions:4
Comments:5 (3 by maintainers)

Top GitHub Comments

2reactions

MrArnoldPalmercommented, Mar 16, 2021

So after spending some time researching this and talking to @rix0rrr, I think that the correct usage here is to use addStatements to add statements to the policy document post construction. You shouldn’t be synthesizing an empty policy document, and CFN won’t let you deploy one anyway. Here is a short example:

export class Issue10559Stack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const topic = new sns.Topic(this, 'Topic');
    const topicPolicy = new sns.TopicPolicy(this, 'Policy', {
      topics: [topic],
    });
    
    topicPolicy.document.addStatements(new iam.PolicyStatement({
        actions: ["sns:Subscribe"],
        principals: [new iam.AccountPrincipal('430030518091')],
        resources: [topic.topicArn] 
      })
    );
  }
}

General I’d recommend using addToResourcePolicy over creating a TopicPolicy but the above allows synthesizing one.

1reaction

SomayaBcommented, Aug 7, 2020

Hi @mbonig, sorry for the late reply. It does seem like this is a bug, I’m getting the same error. So I’ll file this as a bug and we’ll add it to our workload. In the meantime, you might want to try using Topic.addToResourcePolicy(statement) instead of TopicPolicy.

Top Results From Across the Web

Edit an Amazon SNS topic's access policy

To edit your Amazon SNS topic's access policy using the Amazon SNS console ... 1. Open the Amazon SNS console. 2. In the...

SNS to Lambda - Serverless Land

This pattern contains a sample AWS CDK stack to create a Lambda Function, a SNS Topic and the IAM permissions required to run...

cdk synth | AWS CDK Workshop

To synthesize a CDK app, use the cdk synth command. ... Type: AWS::SNS::Topic Properties: DisplayName: My First Topic Yeah Metadata: aws:cdk:path: ...

Cdk use existing vpc - Seba Online

I am creating SNS topic and HTTPS subscription using CDK and want to provide custom delivery retry policy. We are a leading provider...

How to install AWS CDK (step-by-step guide)

To create an AWS CDK project you can initialize it using the cdk init ... an Amazon SQS queue that is subscribed to...