Stay up to date with the latest from the Knowledge Center. See all new and updated Knowledge Center articles published in the last month and re:Post’s top contributors.
How do I create a subscription between my Amazon SQS queue and an Amazon SNS topic in CloudFormation?
I want to create a subscription between my Amazon Simple Queue Service (Amazon SQS) queue and Amazon Simple Notification Service (Amazon SNS) topic in AWS CloudFormation.
Resolution
If the topic and queue are in the same stack, then use a CloudFormation template to create a topic that sends messages to SQS queues.
If the topic is in one stack and the queue is in another, then create a cross-stack reference. Both stacks must be in the same AWS Region. When you create a cross-stack reference, export the ARN of the SQS queue in one stack. Then, import the ARN in the subscription endpoint property of the SNS topic in the other stack.
If your SNS topic and SQS queue are in different Regions or AWS accounts, then use AWS::SNS::Subscription to set up either a cross-account or cross-Region subscription.
Set up a cross-account subscription
Configure Account A
In the CloudFormation template for the source stack, configure the following settings:
- Under Parameters, for Description, enter the destination account ID.
- For Resources, declare the AWS::SNS::Topic and AWS::SNS::TopicPolicy.
- Create an Outputs section to return the SNS TopicArn.
Example JSON template:
{ "Parameters": { "CrossAccountNumber": { "AllowedPattern": "[0-9]+", "Description": "The 12 digit AWS account number to grant access to.", "MaxLength": "12", "MinLength": "12", "Type": "String", "Default": 123456789101 } }, "Resources": { "SnsTopic": { "Type": "AWS::SNS::Topic" }, "SnsTopicPolicy": { "Type": "AWS::SNS::TopicPolicy", "DependsOn": "SnsTopic", "Properties": { "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Sid": "SnsTopicPolicy", "Effect": "Allow", "Principal": { "AWS": { "Fn::Sub": "arn:aws:iam::${CrossAccountNumber}:root" } }, "Action": [ "sns:Subscribe" ], "Resource": { "Ref": "SnsTopic" } } ] }, "Topics": [ { "Ref": "SnsTopic" } ] } } }, "Outputs": { "SnsTopicArn": { "Value": { "Ref": "SnsTopic" } } } }
Example YAML template:
Parameters: CrossAccountNumber: AllowedPattern: '[0-9]+' Description: The 12 digit AWS account number to grant access to. MaxLength: '12' MinLength: '12' Type: String Default: 123456789101 Resources: SnsTopic: Type: AWS::SNS::Topic SnsTopicPolicy: Type: AWS::SNS::TopicPolicy DependsOn: SnsTopic Properties: PolicyDocument: Version: '2012-10-17' Statement: - Sid: SnsTopicPolicy Effect: Allow Principal: AWS: !Sub arn:aws:iam::${CrossAccountNumber}:root Action: - sns:Subscribe Resource: !Ref SnsTopic Topics: - !Ref SnsTopic Outputs: SnsTopicArn: Value: !Ref SnsTopic
Configure Account B
In the CloudFormation template for the destination stack, for Resources, declare the AWS::SNS::Subscription resource, the AWS::SQS::Queue, and the AWS::SQS::QueuePolicy.
Example JSON template:
{ "Parameters": { "SNSTopicARN": { "Type": "String", "Default": "awsSNSTopicArn" }, "TopicRegion": { "Type": "String", "Default": "us-east-1" } }, "Resources": { "Queue": { "Type": "AWS::SQS::Queue" }, "SqsQueuePolicy": { "Type": "AWS::SQS::QueuePolicy", "Properties": { "PolicyDocument": { "Version": "2012-10-17", "Id": "MyQueuePolicy", "Statement": [ { "Sid": "Allow-SNS-SendMessage", "Effect": "Allow", "Principal": "*", "Action": [ "sqs:SendMessage" ], "Resource": { "Fn::GetAtt": [ "Queue", "Arn" ] }, "Condition": { "ArnEquals": { "aws:SourceArn": { "Ref": "SNSTopicARN" } } } } ] }, "Queues" : [ { "Ref" : "Queue" } ] } }, "SnsSubscription": { "Type": "AWS::SNS::Subscription", "Properties": { "Protocol": "sqs", "Endpoint": { "Fn::GetAtt": [ "Queue", "Arn" ] }, "Region": { "Ref": "TopicRegion" }, "TopicArn": { "Ref": "SNSTopicARN" } } } } }
Example YAML template:
Parameters: SNSTopicARN: Type: String Default: awsSNSTopicArn TopicRegion: Type: String Default: us-east-1 Resources: Queue: Type: AWS::SQS::Queue SqsQueuePolicy: Type: AWS::SQS::QueuePolicy Properties: PolicyDocument: Version: '2012-10-17' Id: MyQueuePolicy Statement: - Sid: Allow-SNS-SendMessage Effect: Allow Principal: "*" Action: - sqs:SendMessage Resource: !GetAtt Queue.Arn Condition: ArnEquals: aws:SourceArn: !Ref SNSTopicARN Queues: - !Ref Queue SnsSubscription: Type: AWS::SNS::Subscription Properties: Protocol: sqs Endpoint: !GetAtt Queue.Arn Region: !Ref TopicRegion TopicArn: !Ref SNSTopicARN
Note: In the preceding example templates, under Parameters, replace awsSNSTopicArn with your SNS topic ARN. Also, replace us-east-1 with the Region of the stack in the source account (Account A).
Set up a cross-Region subscription
Configure Region A
In the CloudFormation template for the stack in one Region, configure the following settings:
- For Resources, declare the AWS::SNS::Topic.
- Create an Outputs section to return the SnsTopicArn.
Example JSON template:
{ "Resources": { "SnsTopic": { "Type": "AWS::SNS::Topic" } }, "Outputs": { "SnsTopicArn": { "Value": { "Ref": "SnsTopic" } } } }
Example YAML template:
Resources: SnsTopic: Type: AWS::SNS::Topic Outputs: SnsTopicArn: Value: !Ref SnsTopic
Configure Region B
In the CloudFormation template for the stack in the other Region, for Resources, declare the AWS::SNS::Subscription resource and AWS::SQS::Queue.
Example JSON template:
{ "Parameters": { "SNSTopicARN": { "Type": "String", "Default": "awsSNSTopicArnExample" }, "TopicRegion": { "Type": "String", "Default": "us-east-1" } }, "Resources": { "Queue": { "Type": "AWS::SQS::Queue" }, "SnsSubscription": { "Type": "AWS::SNS::Subscription", "Properties": { "Protocol": "sqs", "Endpoint": { "Fn::GetAtt": [ "Queue", "Arn" ] }, "Region": { "Ref": "TopicRegion" }, "TopicArn": { "Ref": "SNSTopicARN" } } } } }
Example YAML template:
Parameters: SNSTopicARN: Type: String Default: awsSNSTopicArnExample TopicRegion: Type: String Default: us-east-1 Resources: Queue: Type: AWS::SQS::Queue SnsSubscription: Type: AWS::SNS::Subscription Properties: Protocol: sqs Endpoint: !GetAtt Queue.Arn Region: !Ref TopicRegion TopicArn: !Ref SNSTopicARN
Note: In the preceding example templates, under Parameters, replace awsSNSTopicArnExample with your SNS topic ARN. Also, replace us-east-1 with the Region of the stack from Region A.
Relevant content
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
