aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

[BUG][AWS::SNS::Subscription] Failed to update CFN stack with error "Invalid parameter: FilterPolicyScope: Invalid value [null]" #1840

Open yws-ss opened 12 months ago

yws-ss commented 12 months ago

Name of the resource

AWS::SNS::Subscription

Resource Name

No response

Issue Description

When using the CloudFormation resource AWS::SNS::Subscription to create the SNS subscription, the template in the following format deployed successfully at first:

AWSTemplateFormatVersion: 2010-09-09
Resources:
  SNSS2M2HB:
    Type: 'AWS::SNS::Subscription'
    Properties:
      TopicArn: 'arn:aws:sns:ap-northeast-1:9068199XXXXX:FargateTaskNotification'
      Endpoint: 'arn:aws:lambda:ap-northeast-1:9068199XXXXX:function:event-puller'
      Protocol: lambda
      FilterPolicy: '{"stage": ["dev"]}'
      FilterPolicyScope: MessageAttributes

When I tried to remove the "FilterPolicyScope" section, the CFN stack update failed with the error message:

Invalid parameter: FilterPolicyScope: Invalid value [null]. Please use either MessageBody or MessageAttributes (Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter; Request ID: cd9f6761-d459-50ba-8bf3-3ad740f2e744; Proxy: null)

I also tried to update the stack by removing the filter policy and the filter policy scope. However, we always got the error message "FilterPolicyScope: Invalid value [null]".

AWSTemplateFormatVersion: 2010-09-09
Resources:
  SNSS2M2HB:
    Type: 'AWS::SNS::Subscription'
    Properties:
      TopicArn: 'arn:aws:sns:ap-northeast-1:9068199XXXXX:FargateTaskNotification'
      Endpoint: 'arn:aws:lambda:ap-northeast-1:9068199XXXXX:function:event-puller'
      Protocol: lambda

Expected Behavior

The SNS API does not seem to accept a null value for "FilterPolicyScope". CloudFormation should not keep invoking "SetSubscriptionAttributes" with a "null" value when we remove the "FilterPolicyScope". Also, per the documentation, that field is optional.

Observed Behavior

During my investigation, I found that CFN invoked the SNS API "SetSubscriptionAttributes" with the following request parameters on every update.

    "eventTime": "2023-04-14T22:19:14Z",
    "eventSource": "sns.amazonaws.com",
    "eventName": "SetSubscriptionAttributes",
    "awsRegion": "ap-northeast-1",
    "sourceIPAddress": "cloudformation.amazonaws.com",
    "userAgent": "cloudformation.amazonaws.com",
    "errorCode": "InvalidParameterException",
    "errorMessage": "Invalid parameter: FilterPolicyScope: Invalid value [null]. Please use either MessageBody or MessageAttributes",
    "requestParameters": {
        "subscriptionArn": "arn:aws:sns:ap-northeast-1:9068199XXXXX:sandbox-pubsub-record_store-20220928:c2beccc1-f1fe-4d3c-969e-701c660e6c74",
        "attributeName": "FilterPolicyScope"
    },
    "responseElements": null,

Test Cases

1) Create the Stack with following template:

AWSTemplateFormatVersion: 2010-09-09
Resources:
  SNSS2M2HB:
    Type: 'AWS::SNS::Subscription'
    Properties:
      TopicArn: 'arn:aws:sns:ap-northeast-1:9068199XXXXX:FargateTaskNotification'
      Endpoint: 'arn:aws:lambda:ap-northeast-1:9068199XXXXX:function:event-puller'
      Protocol: lambda
      FilterPolicy: '{"stage": ["dev"]}'
      FilterPolicyScope: MessageAttributes

2) Remove both "FilterPolicyScope" and "FilterPolicy"

Other Details

No response
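
The CloudTrail pattern shown under Observed Behavior (a SetSubscriptionAttributes call that names "FilterPolicyScope" but carries no attribute value) can be picked out of exported CloudTrail records as follows. This is an added example, not part of the original issue or of the CloudFormation project; the sample records are constructed, the account id and ARNs are placeholders, and the function name is hypothetical.

```python
from collections import defaultdict

# Constructed CloudTrail records modelled on the excerpt in the issue.
# Account id, topic name and subscription ids are placeholders.
SUB_A = "arn:aws:sns:ap-northeast-1:111122223333:example-topic:aaaaaaaa-0000-0000-0000-000000000000"
SUB_B = "arn:aws:sns:ap-northeast-1:111122223333:example-topic:bbbbbbbb-0000-0000-0000-000000000000"

def _event(time, params, error=None, agent="cloudformation.amazonaws.com"):
    rec = {"eventTime": time, "eventSource": "sns.amazonaws.com",
           "eventName": "SetSubscriptionAttributes", "userAgent": agent,
           "requestParameters": params}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE_RECORDS = [
    # Same shape as the failing call in the issue: attribute named, no value sent.
    _event("2023-04-14T22:19:14Z", {"subscriptionArn": SUB_A, "attributeName": "FilterPolicyScope"},
           error="InvalidParameterException"),
    _event("2023-04-14T22:25:40Z", {"subscriptionArn": SUB_A, "attributeName": "FilterPolicyScope"},
           error="InvalidParameterException"),
    # A well-formed call that sets the scope explicitly.
    _event("2023-04-14T22:30:02Z", {"subscriptionArn": SUB_B, "attributeName": "FilterPolicyScope",
                                    "attributeValue": "MessageAttributes"}),
    # CloudTrail can log requestParameters as null; the filter must not crash on it.
    _event("2023-04-14T22:31:00Z", None, error="AccessDenied", agent="aws-cli"),
]

def null_scope_updates(records, attribute="FilterPolicyScope"):
    """Group failed CloudFormation-issued calls that name `attribute` without a value."""
    hits = defaultdict(list)
    for rec in records:
        if (rec.get("eventSource"), rec.get("eventName")) != ("sns.amazonaws.com", "SetSubscriptionAttributes"):
            continue
        if rec.get("userAgent") != "cloudformation.amazonaws.com" or "errorCode" not in rec:
            continue
        params = rec.get("requestParameters") or {}
        if params.get("attributeName") == attribute and not params.get("attributeValue"):
            hits[params.get("subscriptionArn")].append(rec["eventTime"])
    return dict(hits)

if __name__ == "__main__":
    for arn, times in null_scope_updates(SAMPLE_RECORDS).items():
        print(f"{arn}: {len(times)} failed update(s), first at {min(times)}")
```

Grouping by subscription ARN shows which subscriptions are stuck on the failing update and how often CloudFormation retried it.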