aws · hoffa · Mar 6, 2023 · Mar 2, 2023 · Mar 2, 2023 · Mar 2, 2023
@@ -51,3 +51,4 @@ def test_function_with_sns_intrinsics(self):
         subscription_arn = subscription["SubscriptionArn"]
         subscription_attributes = sns_client.get_subscription_attributes(SubscriptionArn=subscription_arn)
         self.assertEqual(subscription_attributes["Attributes"]["FilterPolicy"], '{"price_usd":[{"numeric":["<",100]}]}')
+        self.assertEqual(subscription_attributes["Attributes"]["FilterPolicyScope"], "MessageAttributes")
@@ -30,6 +30,7 @@ Resources:
                 - numeric:
                   - <
                   - 100
+            FilterPolicyScope: MessageAttributes
             Region:
               Ref: AWS::Region
             SqsSubscription: true

@@ -138,6 +138,7 @@ class SqsSubscription(BaseModel):
 
 class SNSEventProperties(BaseModel):
     FilterPolicy: Optional[PassThroughProp] = snseventproperties("FilterPolicy")
+    FilterPolicyScope: Optional[PassThroughProp] = snseventproperties("FilterPolicyScope")
     Region: Optional[PassThroughProp] = snseventproperties("Region")
     SqsSubscription: Optional[Union[bool, SqsSubscription]] = snseventproperties("SqsSubscription")
     Topic: PassThroughProp = snseventproperties("Topic")

diff --git a/samtranslator/internal/schema_source/sam-docs.json b/samtranslator/internal/schema_source/sam-docs.json
@@ -354,6 +354,7 @@
     },
     "sam-property-function-sns": {
       "FilterPolicy": "The filter policy JSON assigned to the subscription\\. For more information, see [GetSubscriptionAttributes](https://docs.aws.amazon.com/sns/latest/api/API_GetSubscriptionAttributes.html) in the Amazon Simple Notification Service API Reference\\.  \n*Type*: [SnsFilterPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicy)  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is passed directly to the [`FilterPolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicy) property of an `AWS::SNS::Subscription` resource\\.",
+      "FilterPolicyScope": "This attribute lets you choose the filtering scope by using one of the following string value types:  \n+ `MessageAttributes` \\(default\\) \\- The filter is applied on the message attributes\\.\n+ `MessageBody` \\- The filter is applied on the message body\\.\n*Required*: No  \n*Type*: String  \n*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)",
       "RedrivePolicy": "When specified, sends undeliverable messages to the specified Amazon SQS dead\\-letter queue\\. Messages that can't be delivered due to client errors \\(for example, when the subscribed endpoint is unreachable\\) or server errors \\(for example, when the service that powers the subscribed endpoint becomes unavailable\\) are held in the dead\\-letter queue for further analysis or reprocessing\\.  \nFor more information about the redrive policy and dead\\-letter queues, see [ Amazon SQS dead\\-letter queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html) in the *Amazon Simple Queue Service Developer Guide*\\.  \n*Type*: Json  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is passed directly to the `[ RedrivePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-redrivepolicy)` property of an `AWS::SNS::Subscription` resource\\.",
       "Region": "For cross\\-region subscriptions, the region in which the topic resides\\.  \nIf no region is specified, CloudFormation uses the region of the caller as the default\\.  \n*Type*: String  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is passed directly to the [`Region`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-region) property of an `AWS::SNS::Subscription` resource\\.",
       "SqsSubscription": "Set this property to true, or specify `SqsSubscriptionObject` to enable batching SNS topic notifications in an SQS queue\\. Setting this property to `true` creates a new SQS queue, whereas specifying a `SqsSubscriptionObject` uses an existing SQS queue\\.  \n*Type*: Boolean \\| [SqsSubscriptionObject](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-function-sqssubscriptionobject.html)  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.",

@@ -486,13 +486,15 @@ class SNS(PushEventSource):
         "Topic": PropertyType(True, IS_STR),
         "Region": PropertyType(False, IS_STR),
         "FilterPolicy": PropertyType(False, dict_of(IS_STR, list_of(one_of(IS_STR, IS_DICT)))),
+        "FilterPolicyScope": PropertyType(False, IS_STR),
         "SqsSubscription": PropertyType(False, one_of(IS_BOOL, IS_DICT)),
         "RedrivePolicy": PropertyType(False, IS_DICT),
     }
 
     Topic: str
     Region: Optional[str]
     FilterPolicy: Optional[Dict[str, Any]]
+    FilterPolicyScope: Optional[str]
     SqsSubscription: Optional[Any]
     RedrivePolicy: Optional[Dict[str, Any]]
 
@@ -518,6 +520,7 @@ def to_cloudformation(self, **kwargs):  # type: ignore[no-untyped-def]
                 self.Topic,
                 self.Region,
                 self.FilterPolicy,
+                self.FilterPolicyScope,
                 self.RedrivePolicy,
                 function,
             )
@@ -532,7 +535,14 @@ def to_cloudformation(self, **kwargs):  # type: ignore[no-untyped-def]
 
             queue_policy = self._inject_sqs_queue_policy(self.Topic, queue_arn, queue_url, function)  # type: ignore[no-untyped-call]
             subscription = self._inject_subscription(
-                "sqs", queue_arn, self.Topic, self.Region, self.FilterPolicy, self.RedrivePolicy, function
+                "sqs",
+                queue_arn,
+                self.Topic,
+                self.Region,
+                self.FilterPolicy,
+                self.FilterPolicyScope,
+                self.RedrivePolicy,
+                function,
             )
             event_source = self._inject_sqs_event_source_mapping(function, role, queue_arn)  # type: ignore[no-untyped-call]
 
@@ -560,7 +570,14 @@ def to_cloudformation(self, **kwargs):  # type: ignore[no-untyped-def]
             self.Topic, queue_arn, queue_url, function, queue_policy_logical_id
         )
         subscription = self._inject_subscription(
-            "sqs", queue_arn, self.Topic, self.Region, self.FilterPolicy, self.RedrivePolicy, function
+            "sqs",
+            queue_arn,
+            self.Topic,
+            self.Region,
+            self.FilterPolicy,
+            self.FilterPolicyScope,
+            self.RedrivePolicy,
+            function,
         )
         event_source = self._inject_sqs_event_source_mapping(function, role, queue_arn, batch_size, enabled)  # type: ignore[no-untyped-call]
 
@@ -576,6 +593,7 @@ def _inject_subscription(  # noqa: too-many-arguments
         topic: str,
         region: Optional[str],
         filterPolicy: Optional[Dict[str, Any]],
+        filterPolicyScope: Optional[str],
         redrivePolicy: Optional[Dict[str, Any]],
         function: Any,
     ) -> SNSSubscription:
@@ -590,6 +608,9 @@ def _inject_subscription(  # noqa: too-many-arguments
         if filterPolicy is not None:
             subscription.FilterPolicy = filterPolicy
 
+        if filterPolicyScope is not None:
+            subscription.FilterPolicyScope = filterPolicyScope
+
         if redrivePolicy is not None:
             subscription.RedrivePolicy = redrivePolicy
 

@@ -10,6 +10,7 @@ class SNSSubscription(Resource):
         "TopicArn": GeneratedProperty(),
         "Region": GeneratedProperty(),
         "FilterPolicy": GeneratedProperty(),
+        "FilterPolicyScope": GeneratedProperty(),
         "RedrivePolicy": GeneratedProperty(),
     }
 

@@ -196069,6 +196069,16 @@
           "markdownDescription": "The filter policy JSON assigned to the subscription\\. For more information, see [GetSubscriptionAttributes](https://docs.aws.amazon.com/sns/latest/api/API_GetSubscriptionAttributes.html) in the Amazon Simple Notification Service API Reference\\.  \n*Type*: [SnsFilterPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicy)  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is passed directly to the [`FilterPolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicy) property of an `AWS::SNS::Subscription` resource\\.",
           "title": "FilterPolicy"
         },
+        "FilterPolicyScope": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/PassThroughProp"
+            }
+          ],
+          "description": "This attribute lets you choose the filtering scope by using one of the following string value types:  \n+ `MessageAttributes` \\(default\\) \\- The filter is applied on the message attributes\\.\n+ `MessageBody` \\- The filter is applied on the message body\\.\n*Required*: No  \n*Type*: String  \n*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)",
+          "markdownDescription": "This attribute lets you choose the filtering scope by using one of the following string value types:  \n+ `MessageAttributes` \\(default\\) \\- The filter is applied on the message attributes\\.\n+ `MessageBody` \\- The filter is applied on the message body\\.\n*Required*: No  \n*Type*: String  \n*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)",
+          "title": "FilterPolicyScope"
+        },
         "Region": {
           "allOf": [
             {

@@ -783,6 +783,9 @@
         },
         "FilterPolicy": {
           "type": "object"
+        },
+        "FilterPolicyScope": {
+          "type": "string"
         }
       },
       "required": [

@@ -2470,6 +2470,16 @@
           "markdownDescription": "The filter policy JSON assigned to the subscription\\. For more information, see [GetSubscriptionAttributes](https://docs.aws.amazon.com/sns/latest/api/API_GetSubscriptionAttributes.html) in the Amazon Simple Notification Service API Reference\\.  \n*Type*: [SnsFilterPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicy)  \n*Required*: No  \n*AWS CloudFormation compatibility*: This property is passed directly to the [`FilterPolicy`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-subscription.html#cfn-sns-subscription-filterpolicy) property of an `AWS::SNS::Subscription` resource\\.",
           "title": "FilterPolicy"
         },
+        "FilterPolicyScope": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/PassThroughProp"
+            }
+          ],
+          "description": "This attribute lets you choose the filtering scope by using one of the following string value types:  \n+ `MessageAttributes` \\(default\\) \\- The filter is applied on the message attributes\\.\n+ `MessageBody` \\- The filter is applied on the message body\\.\n*Required*: No  \n*Type*: String  \n*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)",
+          "markdownDescription": "This attribute lets you choose the filtering scope by using one of the following string value types:  \n+ `MessageAttributes` \\(default\\) \\- The filter is applied on the message attributes\\.\n+ `MessageBody` \\- The filter is applied on the message body\\.\n*Required*: No  \n*Type*: String  \n*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)",
+          "title": "FilterPolicyScope"
+        },
         "Region": {
           "allOf": [
             {

@@ -30,6 +30,7 @@ def test_to_cloudformation_returns_permission_and_subscription_resources(self):
         self.assertEqual(subscription.Endpoint, "arn:aws:lambda:mock")
         self.assertIsNone(subscription.Region)
         self.assertIsNone(subscription.FilterPolicy)
+        self.assertIsNone(subscription.FilterPolicyScope)
         self.assertIsNone(subscription.RedrivePolicy)
 
     def test_to_cloudformation_passes_the_region(self):
@@ -56,6 +57,16 @@ def test_to_cloudformation_passes_the_filter_policy(self):
         subscription = resources[1]
         self.assertEqual(subscription.FilterPolicy, filterPolicy)
 
+    def test_to_cloudformation_passes_the_filter_policy_scope(self):
+        filterPolicyScope = "MessageAttributes"
+        self.sns_event_source.FilterPolicyScope = filterPolicyScope
+
+        resources = self.sns_event_source.to_cloudformation(function=self.function)
+        self.assertEqual(len(resources), 2)
+        self.assertEqual(resources[1].resource_type, "AWS::SNS::Subscription")
+        subscription = resources[1]
+        self.assertEqual(subscription.FilterPolicyScope, filterPolicyScope)
+
     def test_to_cloudformation_passes_the_redrive_policy(self):
         redrive_policy = {"deadLetterTargetArn": "arn:aws:sqs:us-east-2:123456789012:MyDeadLetterQueue"}
         self.sns_event_source.RedrivePolicy = redrive_policy
@@ -89,4 +100,5 @@ def test_to_cloudformation_when_sqs_subscription_disable(self):
         self.assertEqual(subscription.Endpoint, "arn:aws:lambda:mock")
         self.assertIsNone(subscription.Region)
         self.assertIsNone(subscription.FilterPolicy)
+        self.assertIsNone(subscription.FilterPolicyScope)
         self.assertIsNone(subscription.RedrivePolicy)
@@ -1,27 +1,28 @@
-Resources:
-  MyAwesomeFunction:
-    Type: AWS::Serverless::Function
-    Properties:
-      CodeUri: s3://sam-demo-bucket/hello.zip
-      Handler: hello.handler
-      Runtime: python2.7
-
-      Events:
-        NotificationTopic:
-          Type: SNS
-          Properties:
-            Topic: topicArn
-            Region: region
-            FilterPolicy:
-              store:
-              - example_corp
-              event:
-              - anything-but: order_cancelled
-              customer_interests:
-              - rugby
-              - football
-              - baseball
-              price_usd:
-              - numeric:
-                - '>='
-                - 100
+Resources:
+  MyAwesomeFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/hello.zip
+      Handler: hello.handler
+      Runtime: python2.7
+
+      Events:
+        NotificationTopic:
+          Type: SNS
+          Properties:
+            Topic: topicArn
+            Region: region
+            FilterPolicy:
+              store:
+              - example_corp
+              event:
+              - anything-but: order_cancelled
+              customer_interests:
+              - rugby
+              - football
+              - baseball
+              price_usd:
+              - numeric:
+                - '>='
+                - 100
+            FilterPolicyScope: MessageAttributes
@@ -1,31 +1,32 @@
-Resources:
-  SaveNotificationFunction:
-    Type: AWS::Serverless::Function
-    Properties:
-      CodeUri: s3://sam-demo-bucket/notifications.zip
-      Handler: index.save_notification
-      Runtime: nodejs12.x
-      Events:
-        NotificationTopic:
-          Type: SNS
-          Properties:
-            Topic: !Ref Notifications
-            SqsSubscription:
-              QueueUrl: !Ref Queue
-              QueueArn: !GetAtt Queue.Arn
-              QueuePolicyLogicalId: NotificationA
-              BatchSize: 8
-              Enabled: true
-            FilterPolicy:
-              store:
-              - example_corp
-              price_usd:
-              - numeric:
-                - '>='
-                - 100
-
-  Notifications:
-    Type: AWS::SNS::Topic
-
-  Queue:
-    Type: AWS::SQS::Queue
+Resources:
+  SaveNotificationFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/notifications.zip
+      Handler: index.save_notification
+      Runtime: nodejs12.x
+      Events:
+        NotificationTopic:
+          Type: SNS
+          Properties:
+            Topic: !Ref Notifications
+            SqsSubscription:
+              QueueUrl: !Ref Queue
+              QueueArn: !GetAtt Queue.Arn
+              QueuePolicyLogicalId: NotificationA
+              BatchSize: 8
+              Enabled: true
+            FilterPolicy:
+              store:
+              - example_corp
+              price_usd:
+              - numeric:
+                - '>='
+                - 100
+            FilterPolicyScope: MessageAttributes
+
+  Notifications:
+    Type: AWS::SNS::Topic
+
+  Queue:
+    Type: AWS::SQS::Queue
@@ -1,41 +1,42 @@
-Parameters:
-  SnsRegion:
-    Type: String
-    Default: us-east-1
-
-Conditions:
-  MyCondition:
-    Fn::Equals:
-    - true
-    - false
-
-Resources:
-  SaveNotificationFunction:
-    Type: AWS::Serverless::Function
-    Properties:
-      CodeUri: s3://sam-demo-bucket/notifications.zip
-      Handler: index.save_notification
-      Runtime: nodejs12.x
-      Events:
-        NotificationTopic:
-          Type: SNS
-          Properties:
-            FilterPolicy:
-              Fn::If:
-              - MyCondition
-              - price_usd:
-                - numeric:
-                  - '>='
-                  - 100
-              - price_usd:
-                - numeric:
-                  - <
-                  - 100
-            Region:
-              Ref: SnsRegion
-            SqsSubscription: true
-            Topic:
-              Ref: Notifications
-
-  Notifications:
-    Type: AWS::SNS::Topic
+Parameters:
+  SnsRegion:
+    Type: String
+    Default: us-east-1
+
+Conditions:
+  MyCondition:
+    Fn::Equals:
+    - true
+    - false
+
+Resources:
+  SaveNotificationFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/notifications.zip
+      Handler: index.save_notification
+      Runtime: nodejs12.x
+      Events:
+        NotificationTopic:
+          Type: SNS
+          Properties:
+            FilterPolicy:
+              Fn::If:
+              - MyCondition
+              - price_usd:
+                - numeric:
+                  - '>='
+                  - 100
+              - price_usd:
+                - numeric:
+                  - <
+                  - 100
+            FilterPolicyScope: MessageAttributes
+            Region:
+              Ref: SnsRegion
+            SqsSubscription: true
+            Topic:
+              Ref: Notifications
+
+  Notifications:
+    Type: AWS::SNS::Topic