Cross region SNS trigger #3676
Comments
|
Thanks for opening @matthisk 👍 🤔 right now Serverless assumes that everything will be deployed into one region. @eahefnawy do you have any idea if there's a possible solution / workaround available for this? |
pmuens
added
question
status/more-info-needed
and removed
question
status/more-info-needed
labels
|
I have the same problem. I need to subscribe to an us-east-1 ARN for the AWS marketplace but my whole infrastructure runs in us-west-2 |
|
@pmuens I don't think this is actually a Serverless issue. I looked into this once before and IIRC it is purely a CloudFormation issue. That seems to also be indicated by the error coming back from CloudFormation. I think the issue will need to be raised with AWS directly. |
|
Interestingly, even when I manually subscribed a Lambda function in a different region than the SNS topic, I had weird behavior. Here's what happened: When I went to the SNS topic in the web console, I could see the cross-account, cross-region subscription. But then when I went to the Lambda function in the web console, it showed me this:
Do we even know for sure if AWS supports cross-region SNS->Lambda subscriptions? I could not find any documentation saying they did. |
|
Interesting 🤔 Thanks for the update and investigation on this @jthomerson 👍
Not entirely sure about that. The first time I encountered it was this issue. |
|
@jthomerson We need this on our project. What are the next steps for follow up with AWS? I'm sure you guys can pull more strings than we can to get this worked out with CloudFormation |
|
@srg-avai Yes, you can subscribe cross-region like the FAQ says. However, you can not do it (or could not at the time that I wrote that post) via CloudFormation. Thus, I ended up having to make a custom resource that did the cross-region subscription, and using that custom CloudFormation resource rather than using the built-in CF SNS subscription resource. Obviously, that's not an option for the SLS team (since we'd all have to deploy custom resources to use SLS), but maybe their connections / weight with AWS could get the issue noticed if someone on their team reported it to AWS. |
|
@jthomerson thank you, do you mind providing some more detail? i'm interested in the custom resource approach... could you share an example to head start me (and anyone in the future with this prob) on this? |
|
fwiw anyone else reading this... the approach jthomerson describes above is as follows:
|
|
I have created a Gist showing how to implement the custom resource with SLS: https://gist.github.com/jscattergood/00a2ea6a80fe41a74c5c7efed1b238b4 |
|
This is now supported in cloudformation, however, you have to add target region within cfn. In above example, lambda is in us-east-2, and it is subscribing to an sns in us-east-1. The "Region" allows you to do that. |
I was able to modify my serverless.yml resources:
Resources
SubNameFromGeneratedCfn:
Properties:
Region: eu-west-1I also had to ensure that custom:
pseudoParameters:
skipRegionReplace: true |
|
Hi, My "LambdaFunction" is created in a EU region and I am subscribing tot the "AmazonIpSpaceChanged" SNS notification in "us-east-1" See CFN json sniped below. Regards, ` ` |
|
Whilst there is now a workaround available it would be great if there was first class support for this on the sns event in serverless. |
|
The sns topic is in the region eu-west-1 (not created using cloud formation) so permission is added manually in topic policy and lambda is in different region us-west-2 and using cloud formation. How to provide permission in this case? As I am getting same error "invalid parameter: TopicArn". { |
|
@Imran99 Could you please share you |
|
Hey all - sorry if this is just me being dense, but this took me a while to figure out and I want to add a couple clarifications in case they help out others who run into this issue. My lambda functions are in us-east-2, but I wanted to use a SNS queue in us-east-1 as a trigger. I originally tried this in my serverless.yml file, but I got the "invalid parameter: TopicArn" error (like the original poster). I didn't know enough about serverless or cloudformation to know what @Imran99 meant by SubNameFromGeneratedCfn, so it took a lot of head scratching and searching. Bottom line: use Imran99's workaround, but note you'll need to search .serverless/cloudformation-template-update-stack.json to figure out SubNameFromGeneratedCfn. Thank you all for the workaround! |
@dschep why was this issue closed? I do not see any messages from maintainers as to whether this issue will be addressed. There isn't a pending PR either. |
|
I've raised PR #6366 that should add this functionality. |
Why would I get the following error even if I follow your example? My lambda function is deployed to us-west-1 functions:
handleEmailBounce:
handler: handler.handleEmailBounce
# notificationArn: ${self:provider.TopicArn}
events:
- sns: ${self:provider.TopicArn} # arn:aws:sns:us-east-1:${self:provider.awsAccountId}:ses-bounces-topic
resources:
Resources:
HandleEmailBounceSnsSubscriptionsesbouncestopic:
Type: AWS::SNS::Subscription
Properties:
Region: us-east-1
# TopicArn: arn of lambda
# Protocol: lambdaEven if you add TopicArn and Protocol properties, I'm still getting errors.... |
|
@isaacList You no longer need the cloudformation override (I added this in my PR above). Can you try again with the latest version of serverless without the resources override. |
|
@herebebogans Yeah I have updated to the latest version. I can successfully deploy the application without any errors, but I can't find SNS trigger when I go to AWS lambda trigger or find Subscription in the SNS console of us-east-1 region..... The AWS account is the same |
|
Try the longer form for the event I'll look into why the short form is not adding it. |
|
@herebebogans I am exactly this longer form... But I can't see SNS trigger in Lambda console... |
|
@isaacList Can you post the relevant snippets from serverless.yml .. eg your provider section + the function definition? |
|
@herebebogans Here you are.... service:
name: email-bounce-receiver
provider:
name: aws
config: ${file(serverless/${env:NODE_ENV}.yml)}
vpcSettings: ${file(vpc_settings.yml)}
vpc: ${self:provider.vpcSettings.vpc} #securityGroupIds: [xxx] subnetIds: [xxx]
runtime: provided
stage: ${env:NODE_ENV} #dev
awsAccountId: ${self:provider.config.awsAccountId}
region: ${self:provider.config.region} # us-west-1
stack: ${self:provider.config.stack} #somestring
TopicArn: arn:aws:sns:us-east-1:${self:provider.awsAccountId}:ses-bounces-topic
package:
artifact: ./artifact.zip
functions:
handleEmailBounce:
handler: handler.handleEmailBounce
events:
- sns:
arn: ${self:provider.TopicArn}
layers:
- arn:aws:lambda:${self:provider.region}:${self:provider.awsAccountId}:layer:nodejs-10:1
environment:
NODE_ENV: ${env:NODE_ENV}
NODE_APP_INSTANCE: ${env:NODE_APP_INSTANCE}
vpc: ${self:provider.vpc}
reservedConcurrency: 1 |
|
Indent arn in the event two more spaces :-) |
|
Ok You have corrected the sample code. It works perfectly now. Thanks a lot. 😆
|
In Account1 we subscribe SNS in region us-west-1, it will fail with error "Error code: InvalidParameter - Error message: Invalid parameter: TopicArn" We need to switch Account1 to region us-east-1 to do the subscription, it will success. |
|
Seems like this other workaround of adding a Repeating working snippet from #4742 (comment) here in case it helps anyone since this issue #3676 seems to come up when searching this problem: |
This is a (Bug Report)
Description
When trying to deploy a lambda with an SNS trigger in a different region the cloudformation script fails.
Cloudformation fails to create SNS event subscription for lambda with error:
invalid parameter: TopicArnExpected the lambda to deploy (via cloudformation) with a trigger on an SNS topic in a different region.
Similar or dependent issues:
Additional Data
The text was updated successfully, but these errors were encountered: