Aws sns cross account subscription hangs on confirmation

Terraform
1

Im trying to subscribe my sqs queue from account A to sns topic in account B but my sqs to sns subscription is failing on terraform apply after 2 minutes because its not able to auto confirm the subscription.

enter image description here

plan:

aws_sns_topic_subscription.storetime_offset_sqs_queue: Still creating... [2m0s elapsed]
╷
│ Error: waiting for SNS Topic Subscription (arn:aws:sns:eu-west-1:473655411111:store-eta-published:9b9de7b2-c240-46f2-a345-45431a123994) confirmation: timeout while waiting for state to become 'false' (last state: 'true', timeout: 2m0s)
│ 
│   with aws_sns_topic_subscription.store_eta_published_sqs_queue,
│   on store-eta-published-sqs.tf line 92, in resource "aws_sns_topic_subscription" "store_eta_published_sqs_queue":
│   92: resource "aws_sns_topic_subscription" "store_eta_published_sqs_queue" {
│ 
╵
╷
│ Error: waiting for SNS Topic Subscription (arn:aws:sns:eu-west-1:473655411111:store-time-offset-changed:ba4e0185-9697-499b-9710-c154c2e22545) confirmation: timeout while waiting for state to become 'false' (last state: 'true', timeout: 2m0s)
│ 
│   with aws_sns_topic_subscription.storetime_offset_sqs_queue,
│   on storetime-offset-sqs.tf line 92, in resource "aws_sns_topic_subscription" "storetime_offset_sqs_queue":
│   92: resource "aws_sns_topic_subscription" "storetime_offset_sqs_queue" {
│ 
╵

Exited with code exit status 1

sns policy:

resource "aws_sns_topic_policy" "cross_account_policy" {
  count = length(local.topic_names)
  arn   = aws_sns_topic.sns_topics.*.arn[count.index]
  policy = <<EOF
{
  "Version": "2008-10-17",
  "Id": "maverick_cross_account_subscription_policy",
  "Statement": [
    {
       "Effect":"Allow",
       "Principal":{
          "AWS":"392607711111"
       },
       "Action":"sns:subscribe",
       "Resource":"${aws_sns_topic.sns_topics.*.arn[count.index]}"
    }
  ]
}
EOF
}

sqs policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "topic-subscription-arn:arn:aws:sns:eu-west-1:473655482016:store-time-offset-changed",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "sqs:SendMessage",
      "Resource": "dplus-storetime-offset-queue",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:sns:eu-west-1:473655411111:store-time-offset-changed"
        }
      }
    }
  ]
}
2

sqs protocol for sns topic subscription does not support automatic confirmation. Your queue is going to receive a message during the terraform apply and it has to be manually confirmed. You can confirming it by sending a GET request to the message’s SubscribeURL.

This process is manual but can be coded by reading the queue message and programmatically sending that GET request. The manual process is outlined here: Step 3: Confirm your Amazon SNS subscription - Amazon Simple Notification Service