Skip to content

fix CloudFormation SNS Subscribe with Region parameter #12676

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 28, 2025
Merged

fix CloudFormation SNS Subscribe with Region parameter #12676

merged 2 commits into from
May 28, 2025

Conversation

bentsku
Copy link
Contributor

@bentsku bentsku commented May 28, 2025

Motivation

As reported by #12670, we have an issue with cross-region subscriptions in CloudFormation for SNS.

This is because we need the client that does the subscription to be configured in the same region as the topic. This was for example an issue in CDK here: aws/aws-cdk#13707, solved by properly adding the Region parameter with aws/aws-cdk#17273

We did not consider this parameter at all.
I'm solving this by properly creating a client in the right region manually before doing the Subscribe call.

However, this is quite hacky because CloudFormation does not expose an easy way to do that with the exact same client configuration as the exposed default factory.
I'm directly accessing internal to make sure I'm creating the exact same client, but this is not great.
I prefer that to using connect_to however, because CloudFormation has a special client, and it takes into account all the proper credentials and not just the account_id and region (access key, secret key and token).

Changes

  • add a cross-region test for AWS::SNS::Subscription
  • fix the client in the CFN resource to use the proper region

@bentsku bentsku added this to the 4.5 milestone May 28, 2025
@bentsku bentsku self-assigned this May 28, 2025
@bentsku bentsku added the aws:cloudformation AWS CloudFormation label May 28, 2025
@bentsku bentsku added the aws:sns Amazon Simple Notification Service label May 28, 2025
@bentsku bentsku requested a review from simonrw as a code owner May 28, 2025 12:40
@bentsku bentsku added the semver: patch Non-breaking changes which can be included in patch releases label May 28, 2025
@bentsku bentsku mentioned this pull request May 28, 2025
Closed
1 task
@github-actions GitHub Actions
Copy link

Test Results - Preflight, Unit

21 579 tests  ±0   19 927 ✅ ±0   6m 14s ⏱️ -2s
     1 suites ±0    1 652 💤 ±0 
     1 files   ±0        0 ❌ ±0 

Results for commit 300ca0c. ± Comparison against base commit a298730b.

@github-actions GitHub Actions
Copy link

Test Results (amd64) - Acceptance

7 tests  ±0   5 ✅ ±0   3m 8s ⏱️ +2s
1 suites ±0   2 💤 ±0 
1 files   ±0   0 ❌ ±0 

Results for commit 300ca0c. ± Comparison against base commit a298730b.

@github-actions GitHub Actions
Copy link

Test Results - Alternative Providers

597 tests   420 ✅  14m 46s ⏱️
  4 suites  177 💤
  4 files      0 ❌

Results for commit 300ca0c.

pinzon
pinzon approved these changes May 28, 2025
View reviewed changes
Copy link
Member

@pinzon pinzon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this solution 👍 .
Interesting how cross-region support is integrated on some CFn resource definitions.

localstack-core/localstack/services/sns/resource_providers/aws_sns_subscription.py
@@ -153,3 +156,23 @@ def update(
@staticmethod
def attr_val(val):
return json.dumps(val) if isinstance(val, dict) else str(val)

@staticmethod
def _get_client(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the future we should make this utility available to other resource providers.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed! We should probably have a simpler way to re-use the client_params, as I now have to access private attributes via request.aws_client_factory._client_creation_params, which isn't great. Maybe we should save them somewhere, I'm not sure 🤔

@github-actions GitHub Actions
Copy link

LocalStack Community integration with Pro

    2 files  ±0      2 suites  ±0   1h 42m 4s ⏱️ - 2m 49s
4 469 tests +1  4 081 ✅ +1  388 💤 ±0  0 ❌ ±0 
4 471 runs  +1  4 081 ✅ +1  390 💤 ±0  0 ❌ ±0 

Results for commit 300ca0c. ± Comparison against base commit a298730b.

@github-actions GitHub Actions
Copy link

Test Results (amd64) - Integration, Bootstrap

    5 files      5 suites   2h 22m 13s ⏱️
4 824 tests 4 283 ✅ 541 💤 0 ❌
4 830 runs  4 283 ✅ 547 💤 0 ❌

Results for commit 300ca0c.

@bentsku bentsku merged commit b90f172 into master May 28, 2025
57 checks passed
@bentsku bentsku deleted the fix-cfn-subscription-region branch May 28, 2025 13:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pinzon pinzon pinzon approved these changes

@baermat baermat Awaiting requested review from baermat baermat is a code owner

@dominikschubert dominikschubert Awaiting requested review from dominikschubert dominikschubert is a code owner

@simonrw simonrw Awaiting requested review from simonrw simonrw is a code owner

Assignees

@bentsku bentsku

Labels
aws:cloudformation AWS CloudFormation aws:sns Amazon Simple Notification Service semver: patch Non-breaking changes which can be included in patch releases
Projects
None yet
Milestone
4.5
Development

Successfully merging this pull request may close these issues.
2 participants
@bentsku @pinzon