Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Unable to CreateSubscription for Notifications ( SQS, SP-API )

0

Hello,

I'm trying to Set up notifications (Amazon EventBridge workflow),

https://developer-docs.amazon.com/sp-api/docs/notifications-api-v1-use-case-guide#tutorial-set-up-notifications-amazon-eventbridge-workflow

Notification: LISTINGS_ITEM_MFN_QUANTITY_CHANGE

Do everything by provided manual ( link above ), however on the step 4. Create a subscription ( https://developer-docs.amazon.com/sp-api/docs/notifications-api-v1-use-case-guide#step-4-create-a-subscription ), I received a reply:

Forbidden (403) Response: { "errors": [ { "code": "Unauthorized", "message": "Access to requested resource is denied.", "details": "" } ] }

Checked multiple times all the steps and Access Policy in SQL settings, everything is meet.

Probably I need any additional permissions for IAM user Role to work with

  • EventBridge Bus / Rule ? ( To be allowed to accept notifications ) or Any additional policies to be allowed to send messages from EventsBridge to SQS ? In SQS I have set Access Policy according to manual.

Also, I have a try to check the messages in SQS queue, via "Poll for messages" button and changed the qty by item in Seller Central, and didn't received any message.

Could you please help me to resolve the issue or drive me to correct manual ?

Thank you.

Topics
ServerlessApplication IntegrationSecurity, Identity, & Compliance
Tags
IAM PoliciesAmazon Simple Queue ServiceAmazon EventBridge
Language
English
asked 10 months ago145 views
1 Answer
0

The 403 Forbidden error you're encountering when trying to create a subscription for notifications suggests there's an issue with permissions. Based on your description, there are a few potential causes and solutions:

  1. SQS Queue Policy Configuration: Make sure your SQS queue policy properly allows the EventBridge service to send messages to your queue. The policy should include:
  • "Service": "events.amazonaws.com" as the Principal
  • "Action": "sqs:SendMessage" permission
  • The correct Resource ARN for your SQS queue
  1. IAM Permissions: The IAM role or user you're using to create the subscription might need additional permissions. Ensure it has the necessary permissions to:
  • Create notification subscriptions
  • Work with EventBridge rules and targets
  • Access the SQS queue

  1. Protocol Configuration: When creating a notification subscription, ensure you're using the correct protocol. For SQS, you should be using either "HTTPS" or "SQS" as the protocol value, depending on the specific API requirements.

  2. EventBridge Rule Validation: If you've already created an EventBridge rule, verify that it's correctly configured to target your SQS queue.

For the issue of not receiving messages in your SQS queue after changing quantities in Seller Central, this could indicate that either:

  • The subscription wasn't successfully created
  • The EventBridge rule isn't properly configured
  • There might be a delay in processing the notifications

I recommend checking CloudTrail logs for any denied actions related to your SQS queue or EventBridge rules, which can provide more specific information about permission issues.
Sources
CreateNotificationSubscription - Amazon WorkDocs
Resolve EventBridge notification failures in Amazon SQS | AWS re:Post
AMS Subscription Error (eu-west-1): Unable to validate destination SQS queue despite correct policy | AWS re:Post

answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content