
I configured AWS EventBridge to post events to an SNS target. When an event is received, the SNS target is never triggered and none of the SNS subscribers get the event.

If I add other targets to EventBridge it works (e.g., Lambda) but the SNS one does not. Adding a dead-letter queue to SQS shows there's a permissions issue:

SQS error

However, changing the Access Policy of SNS does not work.

Diego Jancic

3 Answers

If encryption is enabled for SNS, disabling it is not the solution. Rather, give the events service the required access policy on the encrypted SNS topic.

More details at the following link: https://aws.amazon.com/premiumsupport/knowledge-center/cloudwatch-receive-sns-for-alarm-trigger/#:~:text=If%20the%20SNS%20topic%20must,messages%20to%20encrypted%20SNS%20topics.

Replace cloudwatch.amazonaws.com with events.amazonaws.com.

  • As per the link though, the use of AWS managed keys won't work because there is no option for setting a key policy on them. The OP doesn't indicate the key type, so impossible to know, but the accepted answer is therefore likely to be incorrect (or at least less than ideal) and this answer should be the accepted one. – Robert Swift Jul 13 '21 at 00:16

Update:

It seems encryption is not supported if using the default AWS Key Management Service (KMS). It can be configured using customer managed keys as explained in this other answer.

Old answer:

The problem seems to be a configuration issue or even a bug in AWS. If the SNS Topic has Encryption At-Rest enabled, then it fails.

The solution is to disable Encryption under the SNS Topic settings:

SNS Topic Encryption Disabled

Diego Jancic

This issue was with using the AWS-managed key (aws/sns).

Changing to a customer managed key worked for me.

You can also add multiple targets to check whether logs are being generated. The easiest would be a log group.

Dhanush N
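As an added example that is not part of the question or of any answer above, the following Python script encodes the checks the first and third answers describe: the SNS topic access policy must contain an Allow statement for the events.amazonaws.com service principal on sns:Publish, and, when the topic has server-side encryption enabled, the KMS key policy must allow that same principal kms:GenerateDataKey and kms:Decrypt. Because the policy of an AWS managed key such as aws/sns cannot be edited, a topic using one is reported as unfixable without switching to a customer managed key. The input dicts are shaped like boto3's sns.get_topic_attributes()['Attributes'] and kms.get_key_policy()['Policy'], but nothing here calls AWS; the account ID, ARNs and policy documents are constructed for the example and are not from the original post.

```python
"""Diagnose why EventBridge cannot publish to an SNS topic, and build the missing statements.

Added example, not code from the question or any answer. Inputs mirror boto3 shapes
(sns.get_topic_attributes()['Attributes'], kms.get_key_policy(...)['Policy']) but no AWS
call is made; every sample below is constructed, and the account/ARNs are hypothetical.
"""
import json
from fnmatch import fnmatchcase

EVENTS_PRINCIPAL = "events.amazonaws.com"
NEEDED_KMS_ACTIONS = ("kms:GenerateDataKey", "kms:Decrypt")


def _as_list(value):
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def _grants(stmt, needed_actions):
    """True if stmt is an Allow for the EventBridge service principal covering every needed action.

    IAM action names are case-insensitive and may be wildcarded (kms:GenerateDataKey*), so they
    are compared lowercased with fnmatch. Conditions are not evaluated and explicit Denies
    elsewhere are ignored: this is a diagnostic, not a policy simulator.
    """
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal")
    if principal != "*":
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if EVENTS_PRINCIPAL not in services:
            return False
    patterns = [p.lower() for p in _as_list(stmt.get("Action"))]
    return all(any(fnmatchcase(a.lower(), p) for p in patterns) for a in needed_actions)


def policy_grants(policy_json, needed_actions):
    """True if any statement in the policy document grants the actions to EventBridge."""
    policy = json.loads(policy_json) if policy_json else {}
    return any(_grants(s, needed_actions) for s in _as_list(policy.get("Statement")))


def is_aws_managed_key(key_id):
    """AWS managed keys are addressed as alias/aws/<service>. A bare key ID or key ARN cannot be
    classified by name; resolve it with kms.describe_key() and check KeyMetadata['KeyManager']."""
    return key_id.startswith("alias/aws/") or ":alias/aws/" in key_id


def diagnose(topic_attrs, key_policy_json=None):
    """Return a list of findings; an empty list means both policies allow EventBridge to publish."""
    findings = []
    if not policy_grants(topic_attrs.get("Policy"), ("sns:Publish",)):
        findings.append("topic policy has no Allow for events.amazonaws.com sns:Publish")
    key_id = topic_attrs.get("KmsMasterKeyId")  # only present when SSE is enabled
    if not key_id:
        return findings
    if is_aws_managed_key(key_id):
        findings.append("topic uses AWS managed key %s; its key policy cannot be edited, so "
                        "EventBridge can never be granted access: switch to a customer managed key" % key_id)
    elif key_policy_json is None:
        findings.append("topic uses %s but no key policy was supplied to check" % key_id)
    elif not policy_grants(key_policy_json, NEEDED_KMS_ACTIONS):
        findings.append("key policy has no Allow for events.amazonaws.com kms:GenerateDataKey and kms:Decrypt")
    return findings


def eventbridge_topic_statement(topic_arn):
    return {"Sid": "AllowEventBridgePublish", "Effect": "Allow",
            "Principal": {"Service": EVENTS_PRINCIPAL}, "Action": "sns:Publish", "Resource": topic_arn}


EVENTBRIDGE_KEY_STATEMENT = {"Sid": "AllowEventBridgeToUseKey", "Effect": "Allow",
                             "Principal": {"Service": EVENTS_PRINCIPAL},
                             "Action": list(NEEDED_KMS_ACTIONS), "Resource": "*"}


def with_statement(policy_json, statement):
    """Append statement unless the policy already grants its actions to EventBridge (idempotent)."""
    if policy_grants(policy_json, _as_list(statement["Action"])):
        return policy_json
    policy = json.loads(policy_json) if policy_json else {"Version": "2012-10-17"}
    policy["Statement"] = _as_list(policy.get("Statement")) + [statement]
    return json.dumps(policy)


# Constructed samples (hypothetical account 111122223333), shaped like the AWS defaults. The default
# SNS policy grants via Principal {"AWS": "*"} with an AWS:SourceOwner condition, which a service
# principal never satisfies, so it correctly does not count as a grant to EventBridge.
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:my-topic"
CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
DEFAULT_TOPIC_POLICY = json.dumps({"Version": "2008-10-17", "Statement": [{
    "Sid": "__default_statement_ID", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["SNS:Publish", "SNS:Subscribe", "SNS:GetTopicAttributes"], "Resource": TOPIC_ARN,
    "Condition": {"StringEquals": {"AWS:SourceOwner": "111122223333"}}}]})
ROOT_ONLY_KEY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "Enable IAM User Permissions", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "kms:*", "Resource": "*"}]})

FIXED_TOPIC_POLICY = with_statement(DEFAULT_TOPIC_POLICY, eventbridge_topic_statement(TOPIC_ARN))
FIXED_KEY_POLICY = with_statement(ROOT_ONLY_KEY_POLICY, EVENTBRIDGE_KEY_STATEMENT)

if __name__ == "__main__":
    for label, attrs, key_policy in [
        ("default topic, aws/sns key", {"Policy": DEFAULT_TOPIC_POLICY, "KmsMasterKeyId": "alias/aws/sns"}, None),
        ("fixed topic, CMK w/o grant", {"Policy": FIXED_TOPIC_POLICY, "KmsMasterKeyId": CMK_ARN}, ROOT_ONLY_KEY_POLICY),
        ("fixed topic, fixed CMK", {"Policy": FIXED_TOPIC_POLICY, "KmsMasterKeyId": CMK_ARN}, FIXED_KEY_POLICY),
    ]:
        print(label, "->", diagnose(attrs, key_policy) or "OK")
```

In practice you would feed diagnose() the real attributes and key policy pulled with boto3, then apply the output of with_statement() via sns.set_topic_attributes(AttributeName='Policy') and kms.put_key_policy(). The checker only proves a grant exists; it does not evaluate conditions or Deny statements, so keep the dead-letter queue from the question attached while testing, since its error message is the ground truth.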