connection timeout to SNS URL

0

I am trying to allow my application to reach sns through a newly created interface sns vpc endpoint. The application has the same security groups as the sns vpc endpoint and is in the same subnet group specified when endpoint was created. We do not have specific NACL rules that would block the services IP yet when I try and use aws sns publish --region region --topic-arn sns arn --message "test" , we receive the endpoint timeout url. Is there something we may have missed?

asked 2 years ago1349 views
2 Answers
0

Hello,

Did you check the SG and allow the same in the SNS for the new application to access ? Are you using the correct IAM role for the application or Does that IAM role have access to SNS ?

Link- https://docs.aws.amazon.com/sns/latest/dg/sns-authentication-and-access-control.html -- [1]

You can use X-Ray with Amazon SNS to trace and analyze the messages that travel through your application.

profile pictureAWS
SUPPORT ENGINEER
answered 2 years ago
  • Yes, both the web server and the sns vpe endpoint are using the same security group. We do not use xray at this time, maybe that can be another debugging option, though we can see rejected traffic in the Eni vpc flow logs.

0

Can you please create a separate Security Group for the SNS VPC end-point that allows HTTPS (443) inbound from the security group of the machine where your application is running? Also make sure that the VPC endpoint for SNS is in the correct region. As Chirag has mentioned, I would also make sure IAM permissions allow the role of the application to send SNS messages.

profile pictureAWS
EXPERT
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions