/* * Copyright 2013-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ package com.amazonaws.services.sns.util; import com.amazonaws.AmazonClientException; import com.amazonaws.AmazonServiceException; import com.amazonaws.auth.policy.Policy; import com.amazonaws.auth.policy.Principal; import com.amazonaws.auth.policy.Resource; import com.amazonaws.auth.policy.Statement; import com.amazonaws.auth.policy.Statement.Effect; import com.amazonaws.auth.policy.actions.SQSActions; import com.amazonaws.auth.policy.conditions.ConditionFactory; import com.amazonaws.services.sns.AmazonSNS; import com.amazonaws.services.sns.model.SubscribeResult; import com.amazonaws.services.sqs.AmazonSQS; import com.amazonaws.services.sqs.model.QueueAttributeName; import com.amazonaws.services.sqs.model.SetQueueAttributesRequest; import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; /** * Set of utility methods for working with Amazon SNS topics. */ public class Topics { /** * Subscribes an existing Amazon SQS queue to an existing Amazon SNS topic. *

* The specified Amazon SNS client will be used to send the subscription * request, and the Amazon SQS client will be used to modify the policy on * the queue to allow it to receive messages from the SNS topic. *

* The policy applied to the SQS queue is similar to this: * 

     * {
     *    "Version" : "2008-10-17",
     *    "Statement" : [{
     *       "Sid" : "topic-subscription-arn:aws:sns:us-west-2:599109622955:myTopic",
     *       "Effect" : "Allow",
     *       "Principal" : {
     *          "AWS":["*"]
     *       },
     *       "Action" : ["sqs:SendMessage"],
     *       "Resource":["arn:aws:sqs:us-west-2:599109622955:myQueue"],
     *       "Condition" : {
     *          "ArnLike":{
     *             "aws:SourceArn":["arn:aws:sns:us-west-2:599109622955:myTopic"]
     *          }
     *       }
     *    }]
     * }
     *
*

* IMPORTANT: If there is already an existing policy set for the * specified SQS queue, this operation will overwrite it with a new policy * that allows the SNS topic to deliver messages to the queue. *

* IMPORTANT: There might be a small time period immediately after * subscribing the SQS queue to the SNS topic and updating the SQS queue's * policy, where messages are not able to be delivered to the queue. After a * moment, the new queue policy will propagate and the queue will be able to * receive messages. This delay only occurs immediately after initially * subscribing the queue. *

* IMPORTANT: The specified queue and topic (as well as the SNS and * SQS client) should both be located in the same AWS region. * * @param sns * The Amazon SNS client to use when subscribing the queue to the * topic. * @param sqs * The Amazon SQS client to use when applying the policy to allow * subscribing to the topic. * @param snsTopicArn * The Amazon Resource Name (ARN) uniquely identifying the Amazon * SNS topic. This value is returned form Amazon SNS when * creating the topic. * @param sqsQueueUrl * The URL uniquely identifying the Amazon SQS queue. This value * is returned from Amazon SQS when creating the queue. * * @throws AmazonClientException * If any internal errors are encountered inside the client * while attempting to make the request or handle the response. * For example if a network connection is not available. * @throws AmazonServiceException * If an error response is returned by AmazonSNS indicating * either a problem with the data in the request, or a server * side issue. * * @return The subscription ARN as returned by Amazon SNS when the queue is * successfully subscribed to the topic. */ public static String subscribeQueue(AmazonSNS sns, AmazonSQS sqs, String snsTopicArn, String sqsQueueUrl) throws AmazonClientException, AmazonServiceException { return Topics.subscribeQueue(sns, sqs, snsTopicArn, sqsQueueUrl, false); } /** * Subscribes an existing Amazon SQS queue to an existing Amazon SNS topic. *

* The specified Amazon SNS client will be used to send the subscription * request, and the Amazon SQS client will be used to modify the policy on * the queue to allow it to receive messages from the SNS topic. *

* The policy applied to the SQS queue is similar to this: * 

     * {
     *    "Version" : "2008-10-17",
     *    "Statement" : [{
     *       "Sid" : "topic-subscription-arn:aws:sns:us-west-2:599109622955:myTopic",
     *       "Effect" : "Allow",
     *       "Principal" : {
     *          "AWS":["*"]
     *       },
     *       "Action" : ["sqs:SendMessage"],
     *       "Resource":["arn:aws:sqs:us-west-2:599109622955:myQueue"],
     *       "Condition" : {
     *          "ArnLike":{
     *             "aws:SourceArn":["arn:aws:sns:us-west-2:599109622955:myTopic"]
     *          }
     *       }
     *    }]
     * }
     *
*

* IMPORTANT: There might be a small time period immediately after * subscribing the SQS queue to the SNS topic and updating the SQS queue's * policy, where messages are not able to be delivered to the queue. After a * moment, the new queue policy will propagate and the queue will be able to * receive messages. This delay only occurs immediately after initially * subscribing the queue. *

* IMPORTANT: The specified queue and topic (as well as the SNS and * SQS client) should both be located in the same AWS region. * * @param sns * The Amazon SNS client to use when subscribing the queue to the * topic. * @param sqs * The Amazon SQS client to use when applying the policy to allow * subscribing to the topic. * @param snsTopicArn * The Amazon Resource Name (ARN) uniquely identifying the Amazon * SNS topic. This value is returned form Amazon SNS when * creating the topic. * @param sqsQueueUrl * The URL uniquely identifying the Amazon SQS queue. This value * is returned from Amazon SQS when creating the queue. * @param extendPolicy * Decides behavior to overwrite the existing policy or extend it. * * @throws AmazonClientException * If any internal errors are encountered inside the client * while attempting to make the request or handle the response. * For example if a network connection is not available. * @throws AmazonServiceException * If an error response is returned by AmazonSNS indicating * either a problem with the data in the request, or a server * side issue. * * @return The subscription ARN as returned by Amazon SNS when the queue is * successfully subscribed to the topic. */ public static String subscribeQueue(AmazonSNS sns, AmazonSQS sqs, String snsTopicArn, String sqsQueueUrl, boolean extendPolicy) throws AmazonClientException, AmazonServiceException { List sqsAttrNames = Arrays.asList(QueueAttributeName.QueueArn.toString(), QueueAttributeName.Policy.toString()); Map sqsAttrs = sqs.getQueueAttributes(sqsQueueUrl, sqsAttrNames).getAttributes(); String sqsQueueArn = sqsAttrs.get(QueueAttributeName.QueueArn.toString()); String policyJson = sqsAttrs.get(QueueAttributeName.Policy.toString()); Policy policy = extendPolicy && policyJson != null && policyJson.length() > 0 ? Policy.fromJson(policyJson) : new Policy(); policy.getStatements().add(new Statement(Effect.Allow) .withId("topic-subscription-" + snsTopicArn) .withPrincipals(Principal.AllUsers) .withActions(SQSActions.SendMessage) .withResources(new Resource(sqsQueueArn)) .withConditions(ConditionFactory.newSourceArnCondition(snsTopicArn))); Map newAttrs = new HashMap(); newAttrs.put(QueueAttributeName.Policy.toString(), policy.toJson()); sqs.setQueueAttributes(new SetQueueAttributesRequest(sqsQueueUrl, newAttrs)); SubscribeResult subscribeResult = sns.subscribe(snsTopicArn, "sqs", sqsQueueArn); return subscribeResult.getSubscriptionArn(); } }