Aws sns cross account subscription hangs on confirmation

farhad-taran · March 5, 2025, 4:45pm

Im trying to subscribe my sqs queue from account A to sns topic in account B but my sqs to sns subscription is failing on terraform apply after 2 minutes because its not able to auto confirm the subscription.

plan:

aws_sns_topic_subscription.storetime_offset_sqs_queue: Still creating... [2m0s elapsed]
╷
│ Error: waiting for SNS Topic Subscription (arn:aws:sns:eu-west-1:473655411111:store-eta-published:9b9de7b2-c240-46f2-a345-45431a123994) confirmation: timeout while waiting for state to become 'false' (last state: 'true', timeout: 2m0s)
│ 
│   with aws_sns_topic_subscription.store_eta_published_sqs_queue,
│   on store-eta-published-sqs.tf line 92, in resource "aws_sns_topic_subscription" "store_eta_published_sqs_queue":
│   92: resource "aws_sns_topic_subscription" "store_eta_published_sqs_queue" {
│ 
╵
╷
│ Error: waiting for SNS Topic Subscription (arn:aws:sns:eu-west-1:473655411111:store-time-offset-changed:ba4e0185-9697-499b-9710-c154c2e22545) confirmation: timeout while waiting for state to become 'false' (last state: 'true', timeout: 2m0s)
│ 
│   with aws_sns_topic_subscription.storetime_offset_sqs_queue,
│   on storetime-offset-sqs.tf line 92, in resource "aws_sns_topic_subscription" "storetime_offset_sqs_queue":
│   92: resource "aws_sns_topic_subscription" "storetime_offset_sqs_queue" {
│ 
╵

Exited with code exit status 1

sns policy:

resource "aws_sns_topic_policy" "cross_account_policy" {
  count = length(local.topic_names)
  arn   = aws_sns_topic.sns_topics.*.arn[count.index]
  policy = <<EOF
{
  "Version": "2008-10-17",
  "Id": "maverick_cross_account_subscription_policy",
  "Statement": [
    {
       "Effect":"Allow",
       "Principal":{
          "AWS":"392607711111"
       },
       "Action":"sns:subscribe",
       "Resource":"${aws_sns_topic.sns_topics.*.arn[count.index]}"
    }
  ]
}
EOF
}

sqs policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "topic-subscription-arn:arn:aws:sns:eu-west-1:473655482016:store-time-offset-changed",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "sqs:SendMessage",
      "Resource": "dplus-storetime-offset-queue",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:sns:eu-west-1:473655411111:store-time-offset-changed"
        }
      }
    }
  ]
}

Topic		Replies	Views
SNS Topic Subscription confirmation error AWS	1	545	January 17, 2024
SNS subscription Terraform	1	969	October 19, 2021
Terraform cross account - retrieve SNS topic id from target account to source account Terraform	0	616	February 21, 2020
SNS Email Subscription Support Terraform	2	3004	December 17, 2020
SNS to SQS connection with KMS Terraform	0	686	June 1, 2022

Aws sns cross account subscription hangs on confirmation

Related topics