fix(sns): topic policy is not created even if enforceSSL enabled #31569
{ | ||
'Sid': '0', | ||
'Action': 'sns:*', | ||
'Effect': 'Allow', | ||
'Principal': { 'AWS': 'arn' }, | ||
'Resource': '*', | ||
}, |
Previously, the SSL policy was created after the `addToResourcePolicy` method was called. But now the SSL policy is created first, so this Sid by the `addToResourcePolicy` method will be 1, i.e. after the SSL policy.
This is NOT a breaking change, although it does cause a change in the CloudFormation template.
{
'Sid': '1',
'Action': 'sns:*',
'Effect': 'Allow',
'Principal': { 'AWS': 'arn' },
'Resource': '*',
},
moved to: #31569 (comment)
I understand that it’s just a change to the Sid and that the policy itself remains unchanged, so it won’t result in a destructive change. That makes sense.
{ | ||
'Sid': '1', | ||
'Action': 'sns:*', | ||
'Effect': 'Allow', | ||
'Principal': { 'AWS': 'arn' }, | ||
'Resource': '*', | ||
}, |
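Review bot: The expected 'Sid': '1' on this statement encodes the order in which statements were added to the policy rather than anything about the statement itself, so this assertion will need editing again whenever statement order changes. A one-line comment beside it noting that the first position is now taken by the enforceSSL statement would make the renumbering from '0' self-explanatory to the next reader.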
Thank you for your contribution! I have nothing to say.
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
@Mergifyio update
❌ Mergify doesn't have permission to update
For security reasons, Mergify can't update this pull request. Try updating locally.
@GavinZZ Could you please handle it and merge? The
And the update with mergify failed: see the above comment.
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #31569 +/- ##
=======================================
Coverage 80.84% 80.84%
=======================================
Files 232 232
Lines 14135 14135
Branches 2460 2460
=======================================
Hits 11428 11428
Misses 2427 2427
Partials 280 280
Issue # (if applicable)
Closes #31558.
Reason for this change
SNS topic policy is not created even if `enforceSSL` is enabled, until calling `addToResourcePolicy` method. But, originally, the policy should be created without calling the `addToResourcePolicy` method.
Description of changes
The topic policy is created first if the `enforceSSL` is enabled.
Description of how you validated changes
Unit and integ tests.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
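
A check for the gap this PR describes, as an added example (not code from the pull request or from aws-cdk): it scans a synthesized CloudFormation template and reports every `AWS::SNS::Topic` that no `AWS::SNS::TopicPolicy` covers with a TLS-only deny statement. The statement shape (Effect `Deny` with `aws:SecureTransport` false), the logical IDs, the `ConstructedSslOnly` Sid and both sample templates are assumptions constructed for illustration.

```typescript
// Added example (not aws-cdk code): audit a synthesized CloudFormation template
// for SNS topics that no TLS-only Deny statement covers.
type Template = { Resources: Record<string, { Type: string; Properties?: any }> };

// Assumed statement shape: Effect Deny with Bool aws:SecureTransport = false.
function deniesInsecureTransport(stmt: any): boolean {
  const flag = stmt?.Condition?.Bool?.['aws:SecureTransport'];
  return stmt?.Effect === 'Deny' && String(flag) === 'false';
}

// Logical IDs of AWS::SNS::Topic resources with no such statement attached.
function topicsWithoutSslPolicy(template: Template): string[] {
  const covered = new Set<string>();
  for (const res of Object.values(template.Resources)) {
    if (res.Type !== 'AWS::SNS::TopicPolicy') continue;
    const raw = res.Properties?.PolicyDocument?.Statement ?? [];
    const statements: any[] = Array.isArray(raw) ? raw : [raw];
    if (!statements.some(deniesInsecureTransport)) continue;
    for (const t of res.Properties?.Topics ?? []) {
      if (typeof t?.Ref === 'string') covered.add(t.Ref);
    }
  }
  return Object.entries(template.Resources)
    .filter(([id, res]) => res.Type === 'AWS::SNS::Topic' && !covered.has(id))
    .map(([id]) => id);
}

// Constructed template: topic with enforceSSL but no policy resource (the reported bug).
const withoutPolicy: Template = { Resources: { MyTopic: { Type: 'AWS::SNS::Topic' } } };

// Constructed template: SSL statement first, then the statement with Sid '1'.
const sslDeny = { Sid: 'ConstructedSslOnly', Effect: 'Deny', Action: 'sns:Publish', Principal: '*',
  Resource: { Ref: 'MyTopic' }, Condition: { Bool: { 'aws:SecureTransport': 'false' } } };
const allowAll = { Sid: '1', Effect: 'Allow', Action: 'sns:*', Principal: { AWS: 'arn' }, Resource: '*' };
const withPolicy: Template = {
  Resources: {
    MyTopic: { Type: 'AWS::SNS::Topic' },
    MyTopicPolicy: {
      Type: 'AWS::SNS::TopicPolicy',
      Properties: { Topics: [{ Ref: 'MyTopic' }], PolicyDocument: { Statement: [sslDeny, allowAll] } },
    },
  },
};

console.log('missing before fix:', topicsWithoutSslPolicy(withoutPolicy));
console.log('missing after fix:', topicsWithoutSslPolicy(withPolicy));
```

Run against the JSON that `cdk synth` writes, a non-empty result means a topic would deploy without the transport restriction.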