AWS SNS edit topic policy - C#
I have an SNS service, I'm looking for the way to create this part of the policy using the C# sdk:
    {
      "Sid": "__console_sub_0",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:Subscribe",
        "SNS:Receive"
      ],
      "Resource": "arn:aws:sns:MYARN"
    }
This is what I see when I set it from the browser console for "Allow these users to publish messages to this topic" and "Allow these users to subscribe to this topic", for now it should be open to all.
What I've tried so far:
1)
    Policy snsPolicy = new Policy().WithStatements(
        new Amazon.Auth.AccessControlPolicy.Statement(Amazon.Auth.AccessControlPolicy.Statement.StatementEffect.Allow)
            .WithPrincipals(Principal.AllUsers)
            .WithResources(new Resource("arn:aws:sns:MYARN"))
    );
    SetTopicAttributesRequest setTopicAttributesRequest = new SetTopicAttributesRequest();
    setTopicAttributesRequest.TopicArn = "arn:aws:sns:MYARN";
    setTopicAttributesRequest.AttributeName = "Policy";
    setTopicAttributesRequest.AttributeValue = "test val";
Result:
Invalid parameter: Policy Error: null
2)
    AmazonSimpleNotificationServiceClient snsClient = new AmazonSimpleNotificationServiceClient(bucketRegion);
    snsClient.AuthorizeS3ToPublish("arn:aws:sns:MYARN", "MYBUCKET");
    List<string> tl = new List<string>();
    tl.Add("*");
    List<string> tl2 = new List<string>();
    tl2.Add("SNS:Subscribe");
    tl2.Add("SNS:Receive");
    Amazon.SimpleNotificationService.Model.AddPermissionResponse permissionResponse = snsClient.AddPermission("arn:aws:sns:MYARN", "SubscribePolicy", tl, tl2);
Result:
Invalid parameter: Policy statement action out of service scope!
In both cases, I'm not even sure these are the right commands for it. Can anyone set me on the right path?
Thank you
EDIT
I've created a statement and added it to a policy as suggested, and used it for SetTopicAttributesRequest:

    AmazonSimpleNotificationServiceClient snsClient = new AmazonSimpleNotificationServiceClient(bucketRegion);
    Policy snsPolicy = new Policy();
    snsPolicy.Id = "test_id";
    snsPolicy.Statements.Add(statement);
    SetTopicAttributesRequest setTopicAttributesRequest = new SetTopicAttributesRequest();
    setTopicAttributesRequest.TopicArn = "arn:aws:sns:MYARN";
    setTopicAttributesRequest.AttributeName = "Policy";
    setTopicAttributesRequest.AttributeValue = snsPolicy.ToJson();
    snsClient.SetTopicAttributes(setTopicAttributesRequest);
But the error "Invalid parameter: Policy Error: null" is the same.
amazon-web-services amazon-sns
edited Dec 27 at 16:23
asked Dec 27 at 13:21
Ehud Grand
1 Answer
As per AWS documentation, you should use the Policy object found in Amazon.Auth.AccessControlPolicy.
The following code creates the policy object. For this case, you need only one statement. It has a resource of bucket + username and the GET and PUT actions. As an added security measure, let’s add a condition that locks the GET and PUT request to the IP address of the desktop client.
    using System.Collections.Generic;
    using Amazon.Auth.AccessControlPolicy;
    using Amazon.Auth.AccessControlPolicy.ActionIdentifiers;

    public Policy GeneratePolicy(string bucket, string username, string ipAddress)
    {
        var statement = new Statement(Statement.StatementEffect.Allow);
        // Allow access to the sub folder represented by the username in the bucket
        statement.Resources.Add(ResourceFactory.NewS3ObjectResource(bucket, username + "/*"));
        // Allow Get and Put object requests.
        statement.Actions = new List<ActionIdentifier>()
            { S3ActionIdentifiers.GetObject, S3ActionIdentifiers.PutObject };
        // Lock the requests coming from the client machine.
        statement.Conditions.Add(ConditionFactory.NewIpAddressCondition(ipAddress));
        var policy = new Policy();
        policy.Statements.Add(statement);
        return policy;
    }
Check this link for more information.
answered Dec 27 at 13:33
Mohamed Hamza
Hi thanks, but it doesn't work, please see my edit.
– Ehud Grand
Dec 27 at 16:23
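
Added example (not part of the original question or answer, and not AWS sample code): the statement from the question built with Amazon.Auth.AccessControlPolicy for an SNS topic, with its actions set explicitly, then merged into the topic's current policy before the "Policy" attribute is written. The names TopicPolicyExample, BuildSubscribeStatement, ApplyAsync and the statement ID "AllowSubscribe" are hypothetical, and the example assumes the topic's existing policy parses with Policy.FromJson.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Amazon.Auth.AccessControlPolicy;
using Amazon.SimpleNotificationService;
using Amazon.SimpleNotificationService.Model;

public static class TopicPolicyExample
{
    private const string Sid = "AllowSubscribe"; // hypothetical statement ID

    // One Allow statement for SNS:Subscribe and SNS:Receive on the topic.
    // accountId == null gives the question's open grant (Principal.AllUsers);
    // a 12-digit account ID limits the grant to that account.
    public static Statement BuildSubscribeStatement(string topicArn, string accountId = null)
    {
        var principal = accountId == null ? Principal.AllUsers : new Principal(accountId);
        return new Statement(Statement.StatementEffect.Allow)
            .WithId(Sid)
            .WithPrincipals(principal)
            // Action names taken from the JSON in the question.
            .WithActionIdentifiers(
                new ActionIdentifier("SNS:Subscribe"),
                new ActionIdentifier("SNS:Receive"))
            .WithResources(new Resource(topicArn)); // the topic's own ARN
    }

    // The "Policy" attribute holds the whole document, so read the current policy,
    // replace only our statement, and write the merged result back.
    public static async Task ApplyAsync(
        IAmazonSimpleNotificationService sns, string topicArn, string accountId = null)
    {
        var current = await sns.GetTopicAttributesAsync(topicArn);
        var policy = current.Attributes.TryGetValue("Policy", out var json)
            ? Policy.FromJson(json)
            : new Policy();

        // Drop an earlier copy of our statement so repeated runs do not duplicate it.
        foreach (var old in policy.Statements.Where(s => s.Id == Sid).ToList())
            policy.Statements.Remove(old);
        policy.Statements.Add(BuildSubscribeStatement(topicArn, accountId));

        await sns.SetTopicAttributesAsync(new SetTopicAttributesRequest
        {
            TopicArn = topicArn,
            AttributeName = "Policy",
            AttributeValue = policy.ToJson() // the serialized policy, not free text
        });
    }
}
```

Passing an account ID (for example the constructed value 111122223333) instead of null keeps the grant from applying to every AWS principal.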