Open jaychung-aws opened 1 week ago
Reproducible using customer-provided code. The code below, on its own, does not create an AWS::SNS::TopicPolicy at all (AWS CDK version 2.160.0, build 7a8ae02), so `enforceSSL: true` has no effect on the synthesized template:
import * as cdk from 'aws-cdk-lib';
import * as sns from 'aws-cdk-lib/aws-sns';
/**
 * Minimal reproduction stack: one SNS topic created with `enforceSSL: true`
 * and no further resource-policy statements.
 *
 * As reported on this page for AWS CDK 2.160.0, synthesizing this stack emits
 * no `AWS::SNS::TopicPolicy`, so the deny on non-TLS `sns:Publish` that
 * `enforceSSL` is meant to add is missing. Check the synthesized template for
 * the policy resource rather than relying on the prop alone.
 */
export class CdktestStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // enforceSSL is the only policy-related setting; nothing in this stack
    // calls addToResourcePolicy on the topic.
    const topicProps: sns.TopicProps = {
      topicName: 'my-sns-topic',
      enforceSSL: true,
    };
    new sns.Topic(this, 'MySNSTopic', topicProps);
  }
}
The community-contributed PR https://github.com/aws/aws-cdk/pull/31569 addresses the issue.
Describe the bug
CDK Version used: 2.147.2
Steps to Reproduce:
`enforceSSL` prop set to true.
const stack = new cdk.Stack();
// Topic whose only policy-related setting is enforceSSL; no statement is
// added to its resource policy afterwards.
const topic = new sns.Topic(stack, 'MySNSTopic', {
  topicName: 'my-sns-topic',
  enforceSSL: true,
});
{ "Action": "sns:Publish", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": "*", "Resource": { "Ref": "SnsTopicStdAllProps5206973F" }, "Sid": "AllowPublishThroughSSLOnly" }
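// The `*` in the namespace imports was lost in rendering, and the snippet uses
// `iam` without importing it; both are restored here so the example compiles.
import * as cdk from 'aws-cdk-lib';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as sns from 'aws-cdk-lib/aws-sns';

const stack = new cdk.Stack();

// Same topic as the failing case: enforceSSL is the only policy-related prop.
const topic = new sns.Topic(stack, 'MySNSTopic', {
  topicName: 'my-sns-topic',
  enforceSSL: true,
});

// With an explicit statement added, the synthesized output shown in this report
// contains an AWS::SNS::TopicPolicy that also carries the aws:SecureTransport deny.
// NOTE(review): this Allow becomes part of the deployed policy; keep it only if
// the grant is actually wanted, not merely to trigger policy creation.
topic.addToResourcePolicy(
  new iam.PolicyStatement({
    effect: iam.Effect.ALLOW,
    principals: [new iam.ServicePrincipal('sns.amazonaws.com')],
    actions: ['SNS:Publish'],
    resources: ['*'],
  }),
);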
"SnsTopicStdAllPropsPolicy76A2A260": { "Type": "AWS::SNS::TopicPolicy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "SNS:Publish", "Effect": "Allow", "Principal": { "Service": "sns.amazonaws.com" }, "Resource": "*", "Sid": "0" }, { "Action": "sns:Publish", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": "*", "Resource": { "Ref": "SnsTopicStdAllProps5206973F" }, "Sid": "AllowPublishThroughSSLOnly" } ], "Version": "2012-10-17" }, "Topics": [ { "Ref": "SnsTopicStdAllProps5206973F" } ] }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "TestedConstructStacks-SNSTopicStdAllProperties-stack/SnsTopicStdAllProps/Policy/Resource" } }
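// The `*` in the namespace imports was lost in rendering; restored so the
// snippet is valid TypeScript.
import * as cdk from 'aws-cdk-lib';
import * as sns from 'aws-cdk-lib/aws-sns';

const stack = new cdk.Stack();

// enforceSSL is the only policy-related prop and no statement is added later.
// Per this report, no AWS::SNS::TopicPolicy is synthesized for this case, so
// the aws:SecureTransport deny is absent from the template.
const topic = new sns.Topic(stack, 'MySNSTopic', {
  topicName: 'my-sns-topic',
  enforceSSL: true,
});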
{ "Action": "sns:Publish", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": "*", "Resource": { "Ref": "SnsTopicStdAllProps5206973F" }, "Sid": "AllowPublishThroughSSLOnly" }
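// The `*` in the namespace imports was lost in rendering, and the snippet uses
// `iam` without importing it; both are restored here so the example compiles.
import * as cdk from 'aws-cdk-lib';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as sns from 'aws-cdk-lib/aws-sns';

const stack = new cdk.Stack();

// Same topic as the failing case: enforceSSL is the only policy-related prop.
const topic = new sns.Topic(stack, 'MySNSTopic', {
  topicName: 'my-sns-topic',
  enforceSSL: true,
});

// With an explicit statement added, the synthesized output shown in this report
// contains an AWS::SNS::TopicPolicy that also carries the aws:SecureTransport deny.
// NOTE(review): this Allow becomes part of the deployed policy; keep it only if
// the grant is actually wanted, not merely to trigger policy creation.
topic.addToResourcePolicy(
  new iam.PolicyStatement({
    effect: iam.Effect.ALLOW,
    principals: [new iam.ServicePrincipal('sns.amazonaws.com')],
    actions: ['SNS:Publish'],
    resources: ['*'],
  }),
);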
"SnsTopicStdAllPropsPolicy76A2A260": { "Type": "AWS::SNS::TopicPolicy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "SNS:Publish", "Effect": "Allow", "Principal": { "Service": "sns.amazonaws.com" }, "Resource": "*", "Sid": "0" }, { "Action": "sns:Publish", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": "*", "Resource": { "Ref": "SnsTopicStdAllProps5206973F" }, "Sid": "AllowPublishThroughSSLOnly" } ], "Version": "2012-10-17" }, "Topics": [ { "Ref": "SnsTopicStdAllProps5206973F" } ] }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "TestedConstructStacks-SNSTopicStdAllProperties-stack/SnsTopicStdAllProps/Policy/Resource" } }