AWS SNS edit topic policy - C#


























I have an SNS service, and I'm looking for a way to create this part of the policy using the C# SDK:

    {
      "Sid": "__console_sub_0",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:Subscribe",
        "SNS:Receive"
      ],
      "Resource": "arn:aws:sns:MYARN"
    }

This is what I see when I set it from the browser console for "Allow these users to publish messages to this topic" and "Allow these users to subscribe to this topic". For now it should be open to all.

What I've tried so far:

1)

    Policy snsPolicy = new Policy().WithStatements(
        new Amazon.Auth.AccessControlPolicy.Statement(Amazon.Auth.AccessControlPolicy.Statement.StatementEffect.Allow)
            .WithPrincipals(Principal.AllUsers)
            .WithResources(new Resource("arn:aws:sns:MYARN"))
    );
    SetTopicAttributesRequest setTopicAttributesRequest = new SetTopicAttributesRequest();
    setTopicAttributesRequest.TopicArn = "arn:aws:sns:MYARN";
    setTopicAttributesRequest.AttributeName = "Policy";
    setTopicAttributesRequest.AttributeValue = "test val";

Result:

    Invalid parameter: Policy Error: null

2)

    AmazonSimpleNotificationServiceClient snsClient = new AmazonSimpleNotificationServiceClient(bucketRegion);
    snsClient.AuthorizeS3ToPublish("arn:aws:sns:MYARN", "MYBUCKET");

    List<string> tl = new List<string>();
    tl.Add("*");
    List<string> tl2 = new List<string>();
    tl2.Add("SNS:Subscribe");
    tl2.Add("SNS:Receive");
    Amazon.SimpleNotificationService.Model.AddPermissionResponse permissionResponse = snsClient.AddPermission("arn:aws:sns:MYARN", "SubscribePolicy", tl, tl2);

Result:

    Invalid parameter: Policy statement action out of service scope!

In both cases, I'm not even sure these are the right commands for it. Can anyone set me on the right path?

Thank you

EDIT

I've created a statement and added it to a policy as suggested, and used it for SetTopicAttributesRequest:

    AmazonSimpleNotificationServiceClient snsClient = new AmazonSimpleNotificationServiceClient(bucketRegion);
    Policy snsPolicy = new Policy();
    snsPolicy.Id = "test_id";
    snsPolicy.Statements.Add(statment);
    SetTopicAttributesRequest setTopicAttributesRequest = new SetTopicAttributesRequest();
    setTopicAttributesRequest.TopicArn = "arn:aws:sns:MYARN";
    setTopicAttributesRequest.AttributeName = "Policy";
    setTopicAttributesRequest.AttributeValue = snsPolicy.ToJson();
    snsClient.SetTopicAttributes(setTopicAttributesRequest);

But the error "Invalid parameter: Policy Error: null" is the same.










      amazon-web-services amazon-sns














edited Dec 27 at 16:23

asked Dec 27 at 13:21

Ehud Grand

























          1 Answer














As per the AWS documentation, you should use the Policy object found in Amazon.Auth.AccessControlPolicy.

The following code creates the policy object. For this case, you need only one statement. It has a resource of bucket + username and the GET and PUT actions. As an added security measure, let’s add a condition that locks the GET and PUT request to the IP address of the desktop client.

    using System.Collections.Generic;
    using Amazon.Auth.AccessControlPolicy;
    using Amazon.Auth.AccessControlPolicy.ActionIdentifiers;

    public Policy GeneratePolicy(string bucket, string username, string ipAddress)
    {
        var statement = new Statement(Statement.StatementEffect.Allow);

        // Allow access to the sub folder represented by the username in the bucket
        statement.Resources.Add(ResourceFactory.NewS3ObjectResource(bucket, username + "/*"));

        // Allow Get and Put object requests.
        statement.Actions = new List<ActionIdentifier>()
            { S3ActionIdentifiers.GetObject, S3ActionIdentifiers.PutObject };

        // Lock the requests coming from the client machine.
        statement.Conditions.Add(ConditionFactory.NewIpAddressCondition(ipAddress));

        var policy = new Policy();
        policy.Statements.Add(statement);

        return policy;
    }

Check this link for more information.






answered Dec 27 at 13:33

Mohamed Hamza













          • Hi thanks, but it doesn't work, please see my edit.
            – Ehud Grand
            Dec 27 at 16:23
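
Added example, not part of the original thread and not AWS's own code: one way to build the statement from the question with the Amazon.Auth.AccessControlPolicy classes, give it SNS actions (the first attempt in the question sets none and sends the literal string "test val"), and pass the serialized JSON as the `Policy` attribute value. The class and method names, the Sid, the policy Id and the account ID `111122223333` are hypothetical; passing an account ID scopes the principal to that account instead of opening the topic to `"*"`.

```csharp
// Added example, not code from the thread or from AWS.
// Assumes the AWSSDK.SimpleNotificationService NuGet package.
using System;
using System.Linq;
using System.Threading.Tasks;
using Amazon.Auth.AccessControlPolicy;
using Amazon.SimpleNotificationService;
using Amazon.SimpleNotificationService.Model;

public static class TopicPolicyExample   // hypothetical name
{
    // Builds a one-statement policy allowing Subscribe and Receive on the topic.
    // accountId == null gives the console's open statement ("AWS": "*").
    public static Policy BuildSubscribePolicy(string topicArn, string accountId)
    {
        var principal = accountId == null ? Principal.AllUsers : new Principal(accountId);

        // Action names are written out as they appear in the console-generated JSON.
        var statement = new Statement(Statement.StatementEffect.Allow)
            .WithPrincipals(principal)
            .WithActionIdentifiers(
                new ActionIdentifier("SNS:Subscribe"),
                new ActionIdentifier("SNS:Receive"))
            .WithResources(new Resource(topicArn));
        statement.Id = "AllowSubscribe";        // hypothetical Sid

        var policy = new Policy();
        policy.Id = "TopicSubscribePolicy";     // hypothetical policy Id
        policy.Statements.Add(statement);
        return policy;
    }

    // Local check before calling SNS: every statement needs actions, resources
    // and principals, and an unconditioned "*" principal must be opted into.
    public static void Validate(Policy policy, bool allowPublic)
    {
        foreach (var s in policy.Statements)
        {
            if (s.Actions.Count == 0 || s.Resources.Count == 0 || s.Principals.Count == 0)
                throw new InvalidOperationException("Statement needs actions, resources and principals.");

            bool isPublic = s.Principals.Any(p => p.Id == "*");
            if (isPublic && s.Conditions.Count == 0 && !allowPublic)
                throw new InvalidOperationException("Statement grants access to everyone with no condition.");
        }
    }

    // The "Policy" attribute holds the whole policy document, so this call
    // replaces whatever policy the topic currently has.
    public static Task<SetTopicAttributesResponse> ApplyAsync(
        IAmazonSimpleNotificationService sns, string topicArn, Policy policy)
    {
        return sns.SetTopicAttributesAsync(new SetTopicAttributesRequest
        {
            TopicArn = topicArn,
            AttributeName = "Policy",
            AttributeValue = policy.ToJson()   // serialized JSON, not a placeholder string
        });
    }

    // Runs offline: builds and prints both variants without calling AWS.
    public static void Main()
    {
        const string topicArn = "arn:aws:sns:MYARN";   // placeholder ARN from the question
        const string accountId = "111122223333";       // constructed sample account ID

        var scoped = BuildSubscribePolicy(topicArn, accountId);
        Validate(scoped, allowPublic: false);
        Console.WriteLine(scoped.ToJson());

        var open = BuildSubscribePolicy(topicArn, null);
        Validate(open, allowPublic: true);             // explicit opt-in to "AWS": "*"
        Console.WriteLine(open.ToJson());
    }
}
```

Printing `ToJson()` before calling `ApplyAsync` lets you compare the generated document with the console's JSON from the question.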

















