zappa / Zappa

Serverless Python
https://zappa.ws/zappa
MIT License

[Migrated] SNS subscription fails if user is not owner of the topic #761

Closed jneves closed 4 months ago

jneves commented 3 years ago

Originally from: https://github.com/Miserlou/Zappa/issues/1898 by yellowcap

Subscriptions to topics for which the user does not have the permissions for the SNS:ListSubscriptionsByTopic operation fail. This makes every update operation fail, as the schedule command is run during the update routine.

Context

It looks like the error happens in the kappa sns event_source object, when trying to run the exists method. This method uses the list_subscriptions_by_topic method, which requires the list permissions on the topic.

Expected Behavior

The topic subscription should be successful.

Actual Behavior

An AuthorizationErrorException is raised.

Possible Fix

Replace the list_subscriptions_by_topic with list_subscriptions boto3 function in the exists method of the SNSEventSource class from kappa.

Steps to Reproduce

Set the event subscription provided below and run the zappa update command.

The error from the concrete use case:

ERROR:Unable to find event source arn:aws:sns:eu-west-1:214830741341:NewSentinel2Product 
Traceback (most recent call last): 
  File "/var/venv/lib/python3.6/site-packages/kappa/event_source/sns.py", line 36, in exists 
    TopicArn=self.arn) 
  File "/var/venv/lib/python3.6/site-packages/kappa/awsclient.py", line 83, in call 
    data = results.build_full_result() 
  File "/var/venv/lib/python3.6/site-packages/botocore/paginate.py", line 449, in build_full_result 
    for response in self: 
  File "/var/venv/lib/python3.6/site-packages/botocore/paginate.py", line 255, in __iter__ 
    response = self._make_request(current_kwargs) 
  File "/var/venv/lib/python3.6/site-packages/botocore/paginate.py", line 332, in _make_request 
    return self._method(**current_kwargs) 
  File "/var/venv/lib/python3.6/site-packages/botocore/client.py", line 357, in _api_call 
    return self._make_api_call(operation_name, kwargs) 
  File "/var/venv/lib/python3.6/site-packages/botocore/client.py", line 661, in _make_api_call 
    raise error_class(parsed_response, operation_name) 
botocore.errorfactory.AuthorizationErrorException: An error occurred (AuthorizationError) when calling the ListSubscriptionsByTopic operation: User: arn:aws:iam::***:user/*** is not authorized to perform: SNS:ListSubscriptionsByTopic on resource: arn:aws:sns:eu-west-1:214830741341:NewSentinel2Product 

Your Environment
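Added example, not part of the issue and not Zappa or kappa code: one way to write the existence check proposed under "Possible Fix", trying `list_subscriptions_by_topic` first and falling back to the account-scoped `list_subscriptions` only on the `AuthorizationError` code shown in the traceback. The names `pages`, `find_subscription`, `DeniedError` and `ForeignTopicSNS` and all ARNs are constructed for illustration; the stub stands in for a boto3 SNS client so the block runs offline.

```python
def pages(call, **kwargs):
    """Yield every subscription from a NextToken-paginated SNS list call."""
    while True:
        page = call(**kwargs)
        yield from page.get("Subscriptions", [])
        token = page.get("NextToken")
        if not token:
            return
        kwargs["NextToken"] = token

def find_subscription(sns, topic_arn, endpoint_arn):
    """Return the SubscriptionArn linking endpoint_arn to topic_arn, or None."""
    try:
        # Materialise inside the try so a denial on any page is caught here.
        subs = list(pages(sns.list_subscriptions_by_topic, TopicArn=topic_arn))
    except Exception as exc:
        # botocore's ClientError carries the service error code in .response.
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code != "AuthorizationError":
            raise  # throttling, bad ARN, etc. must not be masked
        # Fallback: list the caller's own subscriptions and filter by topic.
        subs = pages(sns.list_subscriptions)
    for sub in subs:
        if sub.get("TopicArn") == topic_arn and sub.get("Endpoint") == endpoint_arn:
            return sub["SubscriptionArn"]
    return None

class DeniedError(Exception):
    """Constructed stand-in for ClientError with the same .response shape."""
    response = {"Error": {"Code": "AuthorizationError"}}

class ForeignTopicSNS:
    """Constructed stub: caller may not list a topic owned by another account."""
    TOPIC = "arn:aws:sns:eu-west-1:111111111111:ExampleTopic"
    FN = "arn:aws:lambda:eu-west-1:222222222222:function:example"
    def list_subscriptions_by_topic(self, **kwargs):
        raise DeniedError()
    def list_subscriptions(self, NextToken=None):
        if NextToken is None:  # first page: an unrelated subscription
            other = "arn:aws:sns:eu-west-1:222222222222:Other"
            return {"Subscriptions": [{"TopicArn": other, "Endpoint": self.FN,
                                       "SubscriptionArn": other + ":constructed-a"}],
                    "NextToken": "page-2"}
        return {"Subscriptions": [{"TopicArn": self.TOPIC, "Endpoint": self.FN,
                                   "SubscriptionArn": self.TOPIC + ":constructed-id"}]}

if __name__ == "__main__":
    sns = ForeignTopicSNS()
    print(find_subscription(sns, sns.TOPIC, sns.FN))
```

Re-raising every error code other than `AuthorizationError` keeps the fallback from hiding unrelated failures behind a "subscription not found" result.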

github-actions[bot] commented 5 months ago

Hi there! Unfortunately, this Issue has not seen any activity for at least 90 days. If the Issue is still relevant to the latest version of Zappa, please comment within the next 10 days if you wish to keep it open. Otherwise, it will be automatically closed.

github-actions[bot] commented 4 months ago

Hi there! Unfortunately, this Issue was automatically closed as it had not seen any activity in at least 100 days. If the Issue is still relevant to the latest version of Zappa, please open a new Issue.