(aws-sns): AWS::SQS::QueuePolicy created by topic.addSubscription throws "Submitted policy is over max allowed size" if using the same queue for multiple topics #28378

Closed
2 tasks
danandreicarp opened this issue Dec 15, 2023 · 2 comments
Labels
@aws-cdk/aws-sns Related to Amazon Simple Notification Service effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@danandreicarp

Describe the feature

Hello,

I have an SQS queue that I'm trying to subscribe to multiple SNS topics.
The AWS::SQS::QueuePolicy generated by the addSubscription method is overly verbose and reaches the maximum allowed size.

It creates a separate statement for every topic:

```json
{
  "Action": "sqs:SendMessage",
  "Condition": {
    "ArnEquals": {
      "aws:SourceArn": "arn:aws:sns:<aws_region>:<account_id>:<common_topic_name>-<unique_topic_suffix>"
    }
  },
  "Effect": "Allow",
  "Principal": {
    "Service": "sns.amazonaws.com"
  },
  "Resource": {
    "Fn::GetAtt": [
      "<sqs_queue_id>",
      "Arn"
    ]
  }
}
```

The only thing that's different is the value under ArnEquals.
The output policy should have a single Statement, with an ArnLike condition, with an array of topic ARNs.

Alternatively, one should have the option of not having the AWS::SQS::QueuePolicy generated automatically, and to create it using addToResourcePolicy instead.

Use Case

I don't have a workaround at this time for the scenario where my SQS queue must subscribe to many SNS topics.

Proposed Solution

See description.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.110

Environment details (OS name and version, etc.)

macOS Ventura 13.6.2
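
Added example, not part of the original issue and not aws-cdk code: a TypeScript version of the consolidation the issue asks for, merging per-topic statements that differ only in `aws:SourceArn` into one statement whose `ArnLike` condition lists the exact topic ARNs. The type and function names, the sample ARNs and the queue logical ID are constructed for illustration.

```typescript
// Added example: plain policy JSON handling, not aws-cdk code. All names are hypothetical.
type Cond = { [op: string]: { [key: string]: string | string[] } };
type QueueStatement = {
  Effect: string; Action: string; Principal: { Service: string };
  Resource: unknown; Condition: Cond;
};
type Group = { base: QueueStatement; arns: string[] };

// Constructed input: one statement per topic, in the shape quoted in the issue.
function perTopicStatements(topicArns: string[], queueId: string): QueueStatement[] {
  return topicArns.map((arn) => ({
    Action: "sqs:SendMessage",
    Condition: { ArnEquals: { "aws:SourceArn": arn } },
    Effect: "Allow",
    Principal: { Service: "sns.amazonaws.com" },
    Resource: { "Fn::GetAtt": [queueId, "Arn"] },
  }));
}

// Merge statements that differ only in their aws:SourceArn value. Every ARN is
// carried over verbatim, so the merged statement admits the same topics, no more.
function consolidate(statements: QueueStatement[]): QueueStatement[] {
  const byKey: { [key: string]: Group } = {};
  const groups: Group[] = [];
  const untouched: QueueStatement[] = [];
  for (const s of statements) {
    const cond = s.Condition["ArnEquals"];
    const arn = cond ? cond["aws:SourceArn"] : undefined;
    // Merge only the exact shape: a single ArnEquals on aws:SourceArn with one ARN.
    if (!cond || Object.keys(s.Condition).length !== 1 ||
        Object.keys(cond).length !== 1 || typeof arn !== "string") {
      untouched.push(s);
      continue;
    }
    // Key on everything except the condition (relies on stable property order).
    const key = JSON.stringify([s.Effect, s.Action, s.Principal, s.Resource]);
    let g = byKey[key];
    if (!g) { g = { base: s, arns: [] }; byKey[key] = g; groups.push(g); }
    if (g.arns.indexOf(arn) === -1) g.arns.push(arn); // drop duplicate ARNs
  }
  const merged = groups.map((g) => ({
    ...g.base, Condition: { ArnLike: { "aws:SourceArn": g.arns } },
  }));
  return [...merged, ...untouched];
}

// Serialized size of the policy document, in characters.
function policySize(statements: QueueStatement[]): number {
  return JSON.stringify({ Version: "2012-10-17", Statement: statements }).length;
}
```

Statements with any other condition shape are returned unchanged, so a policy that mixes SNS grants with unrelated statements keeps those statements exactly as written.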

@danandreicarp danandreicarp added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Dec 15, 2023
@github-actions github-actions bot added the @aws-cdk/aws-sns Related to Amazon Simple Notification Service label Dec 15, 2023
@pahud
Contributor

pahud commented Dec 15, 2023

Closing in favor of #7732

Please help us prioritize by upvotes on #7732

@pahud pahud closed this as completed Dec 15, 2023
@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Dec 15, 2023