Welcome to LocalStack! Thanks for reporting your first issue and our team will be working towards fixing the issue for you or reach out for more background information. We recommend joining our Slack Community for real-time help and drop a message to LocalStack Support if you are a licensed user! If you are willing to contribute towards fixing this issue, please have a look at our contributing guidelines.

Hello @codenem and thanks for your report!

Just to confirm, is it possible to subscribe to a topic in Region A with a client configured in region B? I've just given it a try in AWS, and it raises an exception for me:

$ aws sqs create-queue --queue-name my-queue --region eu-west-1
{
    "QueueUrl": "https://eu-west-1.queue.amazonaws.com/<account-id>/my-queue"
}
$ aws sns create-topic --name my-topic --region us-east-1
{
    "TopicArn": "arn:aws:sns:us-east-1:<account-id>:my-topic"
}
$ aws sns subscribe --topic-arn "arn:aws:sns:us-east-1:<account-id>:my-topic" --protocol sqs --notification-endpoint "arn:aws:sqs:eu-west-1:<account-id>:my-queue" --region eu-west-1
An error occurred (InvalidParameter) when calling the Subscribe operation: Invalid parameter: TopicArn

The error message is different and I will fix that.

From the documentation, I believe the Subscribe call needs to be done in the same region as the topic lives:

The Amazon SNS subscription command must be executed in the region where Amazon SNS is hosted, in the corresponding region. For example, if Amazon SNS is in account "A" in the us-east-1 region, and the Lambda function is in account "B" in the us-east-2 region, the subscription CLI command must be executed in account "A" in the us-east-1 region.

https://docs.aws.amazon.com/sns/latest/dg/sns-cross-region-delivery.html

Please correct me if you have this exact setup working in AWS, but currently I'm unable to make it work.

Thanks!

Thanks for your answer @bentsku , indeed. I have provided those commands for quick reproduction, but we get the error from our CDK deployment on LocalStack (works on AWS). I'll double check the code and get back to you here, but we definitely get a different behavior (we use the same CloudFormation code).

@codenem, oh, in this case, this might a parameter we're not explicitly using in our CloudFormation handling. If you could share a small snippet from the template maybe, that could help debug the issue. Thanks again!

This might be somewhat related to aws/aws-cdk#13707, and we might not consider the CloudFormation Region field for the Subscription resource 👀

Yeah maybe, we're creating the subscription like so in Go:

queue := awssqs.NewQueue(
	defaultStack,
	namer.Format("queue"),
	&awssqs.QueueProps{
		QueueName: namer.Format("queue"),
	},
)

topic := awssns.NewTopic(
	stack,
	namer.Format("topic"),
	&awssns.TopicProps{
		EnforceSSL: aws.Bool(true),
		MasterKey:  masterKey,
		TopicName:  namer.Format("topic"),
	},
)

topic.AddSubscription(
	awssnssubscriptions.NewSqsSubscription(
		queue,
		&awssnssubscriptions.SqsSubscriptionProps{},
	),
)

I'm trying another approach, as for why it works in AWS, I guess they set the region now, or maybe when it is with an SQS queue (and not a lambda) that subscribes they have a different code branch.

Actually looking at the fix from the issue you linked, the subscription can either be in the topic's region or in the subscriber's (queue / lambda). So it seems that LS's implementation does not reflect this yet?

As for why the CLI command must subscribe in the same region, it is a separate topic than CDK.

@codenem yes, exactly. We did not support the Region parameter in the CloudFormation template for AWS::SNS::Subscription. I'm having a fix up at #12676, and this should fix your issue.

Looking at the fix for CDK you shared, it seems they have different code branch in CDK to automatically set the Region parameter in the generated CFN Template. This is definitely a CloudFormation issue in LocalStack to not consider this parameter, which leads to this failure.

If you could check that the AWS::SNS::Subscription in your generated CloudFormation template has the Region parameter set, so that we're sure we encounter the same error and that my fix will solve your issue? Thanks!

@bentsku I can confirm that for the subscriptions to a topic residing in another region than the subscriber, then the template shows the Region parameter on the subscription, and it is set to that of the topic (as per the PR from aws-cdk, since all my stacks have the region set in their env).

Awesome @codenem, then the PR linked will fix the issue for you once merged and available. Thanks for confirming! 🙏

I'll update you and ping you here once the fix is available in the latest Docker image.

Hello again @codenem, the fix is now part of the latest image. Could you please run docker pull localstack/localstack-pro:latest, give it a try and see if that fixes your issue?

Thank you!

Hi @bentsku, I can confirm that using the latest pro image, the template now looks exactly as on the versions prior to 4.4.0 of the docker image, i.e. the Region is present in the generated template where needed on the subscriptions and the deployment is successful. 🙏

Awesome, thanks for confirming @codenem, and the help getting through the end of it! I'll close the issue, thanks again for the report 🙏