Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_sns: add grant_subscribe method to Topic construct #29049

Closed
2 tasks
CaptainDriftwood opened this issue Feb 9, 2024 · 4 comments · Fixed by #30486 · 4 remaining pull requests
Closed
2 tasks

aws_sns: add grant_subscribe method to Topic construct #29049

CaptainDriftwood opened this issue Feb 9, 2024 · 4 comments · Fixed by #30486 · 4 remaining pull requests
Labels
@aws-cdk/aws-sns Related to Amazon Simple Notification Service effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@CaptainDriftwood
Copy link

Describe the feature

Add grant_subscribe method to Sns topic construct

Use Case

Allow the Topic construct to expose a method to grant subscription permissions to a grantable resource. Would make it simpler instead of having to add the Policy statement to the resource policy.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.126.0

Environment details (OS name and version, etc.)

macOS 14.2.1
@CaptainDriftwood CaptainDriftwood added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Feb 9, 2024
@github-actions github-actions bot added the @aws-cdk/aws-sns Related to Amazon Simple Notification Service label Feb 9, 2024
@CaptainDriftwood CaptainDriftwood changed the title (module name): (short issue description) aws_sns: add grant_subscribe method to Topic construct Feb 9, 2024
@pahud
Copy link
Contributor

pahud commented Feb 12, 2024

I guess addSubscription is what you need? Can you share more details where you need the grant method instead of addSubscription?

@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 12, 2024
@CaptainDriftwood
Copy link
Author

@pahud If a topic wants to be created for a separate account to be able to subscribe to at their own pace, I wouldn't want to call addSubscription as I don't to force them to approve / set up the subscription when the topic is created. This is just a convenience method instead of having to call add_to_resource_policy and add the policy statement that way. grantSubscribe would allow me to just pass in a IGrantable, similar to grantPublish.

For example:

...
topic = sns.Topic(self)
# Give some account that will want to subscribe to this topic
# permissions to subscribe to it with any IAM Role/ Resource
topic.grant_subscribe(iam.AccountPrincipal("1234567890"))

@github-actions github-actions bot mentioned this issue Mar 1, 2024
Closed
@pahud
Copy link
Contributor

pahud commented Jun 3, 2024

Make sense to me. Please help us prioritize with 👍 and we welcome all PRs.

@mazyu36 mazyu36 mentioned this issue Jun 7, 2024
Merged
1 task
@mergify mergify bot closed this as completed in #30486 Jun 10, 2024
mergify bot pushed a commit that referenced this issue Jun 10, 2024
@mazyu36
feat(sns): add grantSubscribe method (#30486)
36a48ad 
### Issue # (if applicable)

Closes #29049.

### Reason for this change
Allow the Topic construct to expose a method to grant subscription permissions to a grantable resource.
It's useful when you want to allow entities, such as another AWS account or resources created later, to subscribe to the topic at their own pace, separating permission granting from the actual subscription process.



### Description of changes
Add grantSubscribe method to ITopic interface and TopicBase class.



### Description of how you validated changes
Add unit tests and integ tests.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions GitHub Actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Leo10Gama pushed a commit to Leo10Gama/aws-cdk that referenced this issue Jun 11, 2024
@mazyu36
feat(sns): add grantSubscribe method (aws#30486)
22acad3 
### Issue # (if applicable)

Closes aws#29049.

### Reason for this change
Allow the Topic construct to expose a method to grant subscription permissions to a grantable resource.
It's useful when you want to allow entities, such as another AWS account or resources created later, to subscribe to the topic at their own pace, separating permission granting from the actual subscription process.



### Description of changes
Add grantSubscribe method to ITopic interface and TopicBase class.



### Description of how you validated changes
Add unit tests and integ tests.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
mazyu36 added a commit to mazyu36/aws-cdk that referenced this issue Jun 22, 2024
@mazyu36
feat(sns): add grantSubscribe method (aws#30486)
4d9777f 
### Issue # (if applicable)

Closes aws#29049.

### Reason for this change
Allow the Topic construct to expose a method to grant subscription permissions to a grantable resource.
It's useful when you want to allow entities, such as another AWS account or resources created later, to subscribe to the topic at their own pace, separating permission granting from the actual subscription process.



### Description of changes
Add grantSubscribe method to ITopic interface and TopicBase class.



### Description of how you validated changes
Add unit tests and integ tests.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This was referenced Jul 5, 2024
Open
Open
This was referenced Jul 16, 2024
Open
Open
@NOUIY NOUIY mentioned this issue Jul 23, 2024
Open
@NOUIY NOUIY mentioned this issue Aug 1, 2024
Open
@gitafolabi gitafolabi mentioned this issue Aug 16, 2024
Open
@NOUIY NOUIY mentioned this issue Aug 20, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-sns Related to Amazon Simple Notification Service effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
2 participants
@pahud @CaptainDriftwood