feat(sns): add signature version prop (#29543)
Closes #29539. 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
msambol authored Mar 29, 2024
1 parent fe4bc1d commit dffedca
Showing 10 changed files with 110 additions and 11 deletions.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Expand Up @@ -110,6 +110,14 @@
}
]
}
},
"MyTopicSignatureVersionEDDB6A3B": {
"Type": "AWS::SNS::Topic",
"Properties": {
"DisplayName": "fooDisplayNameSignatureVersion",
"SignatureVersion": "2",
"TopicName": "fooTopicSignatureVersion"
}
}
},
"Parameters": {

Expand Up @@ -40,6 +40,12 @@ class SNSInteg extends Stack {
successFeedbackRole: feedbackRole,
successFeedbackSampleRate: 50,
});

new Topic(this, 'MyTopicSignatureVersion', {
topicName: 'fooTopicSignatureVersion',
displayName: 'fooDisplayNameSignatureVersion',
signatureVersion: '2',
});
}
}

13 changes: 13 additions & 0 deletions packages/aws-cdk-lib/aws-sns/README.md
Expand Up @@ -19,6 +19,19 @@ const topic = new sns.Topic(this, 'Topic', {
});
```

Add an SNS Topic to your stack with a specified signature version, which corresponds
to the hashing algorithm used while creating the signature of the notifications,
subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS.

The default signature version is `1` (`SHA1`).
SNS also supports signature version `2` (`SHA256`).

```ts
const topic = new sns.Topic(this, 'Topic', {
signatureVersion: '2',
});
```

Note that FIFO topics require a topic name to be provided. The required `.fifo` suffix will be automatically generated and added to the topic name if it is not explicitly provided.

## Subscriptions
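
Review bot: The new paragraph above the `signatureVersion: '2'` example should say what the setting means for consumers. A subscriber that verifies SNS message signatures has to choose the hash from the signature version carried in each message, so an endpoint that only implements the `SHA1` check will fail verification once the topic is switched to `2`. One sentence on that, plus a stated recommendation on which version new topics should use, would make the option actionable rather than just listed.
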
28 changes: 24 additions & 4 deletions packages/aws-cdk-lib/aws-sns/lib/topic.ts
Expand Up @@ -51,7 +51,7 @@ export interface TopicProps {
/**
* The list of delivery status logging configurations for the topic.
*
* For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-topic-attributes.html.
* @see https://docs.aws.amazon.com/sns/latest/dg/sns-topic-attributes.html.
*
* @default None
*/
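
Review bot: The new `@see` line keeps the sentence-ending period after the URL (`.../sns-topic-attributes.html.`), which made sense in "For more information, see ..." but not after a tag, where a doc generator can take the trailing `.` as part of the link target. Drop the period here and on the other `@see` lines this commit introduces.
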
Expand All @@ -71,17 +71,27 @@ export interface TopicProps {
/**
* Adds a statement to enforce encryption of data in transit when publishing to the topic.
*
* For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit.
* @see https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit.
*
* @default false
*/
readonly enforceSSL?: boolean;

/**
* The signature version corresponds to the hashing algorithm used while creating the signature of the notifications,
* subscription confirmations, or unsubscribe confirmation messages sent by Amazon SNS.
*
* @see https://docs.aws.amazon.com/sns/latest/dg/sns-verify-signature-of-message.html.
*
* @default 1
*/
readonly signatureVersion?: string;
}

/**
* A logging configuration for delivery status of messages sent from SNS topic to subscribed endpoints.
*
* For more information, see https://docs.aws.amazon.com/sns/latest/dg/sns-topic-attributes.html.
* @see https://docs.aws.amazon.com/sns/latest/dg/sns-topic-attributes.html.
*/
export interface LoggingConfig {
/**
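
Review bot: The doc comment on `signatureVersion` never lists the accepted values or what each one selects, and the type is a plain `string`, so a caller only learns that `'1'` and `'2'` are the valid inputs from the runtime error. State the mapping in the comment (the README in this commit already gives `1` as `SHA1` and `2` as `SHA256`), and consider an enum so an invalid value fails at compile time instead of at synth. The `@see` URLs in this hunk also end with a stray period.
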
Expand Down Expand Up @@ -207,7 +217,7 @@ export class Topic extends TopicBase {
if (props.fifo && props.topicName && !props.topicName.endsWith('.fifo')) {
cfnTopicName = this.physicalName + '.fifo';
} else if (props.fifo && !props.topicName) {
// Max lenght allowed by CloudFormation is 256, we subtract 5 to allow for ".fifo" suffix
// Max length allowed by CloudFormation is 256, we subtract 5 to allow for ".fifo" suffix
const prefixName = Names.uniqueResourceName(this, {
maxLength: 256 - 5,
separator: '-',
Expand All @@ -217,6 +227,15 @@ export class Topic extends TopicBase {
cfnTopicName = this.physicalName;
}

if (
props.signatureVersion &&
!Token.isUnresolved(props.signatureVersion) &&
props.signatureVersion !== '1' &&
props.signatureVersion !== '2'
) {
throw new Error(`signatureVersion must be "1" or "2", received: "${props.signatureVersion}"`);
}

const resource = new CfnTopic(this, 'Resource', {
archivePolicy: props.messageRetentionPeriodInDays ? {
MessageRetentionPeriod: props.messageRetentionPeriodInDays,
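
Review bot: The guard opens with a truthiness test, `props.signatureVersion &&`, so an empty string skips validation entirely and is still passed to `CfnTopic` as `signatureVersion` in the next hunk. Test for `props.signatureVersion !== undefined` instead, so that every concrete value other than `'1'` or `'2'` throws at synth time rather than surfacing as a deployment failure.
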
Expand All @@ -226,6 +245,7 @@ export class Topic extends TopicBase {
kmsMasterKeyId: props.masterKey && props.masterKey.keyArn,
contentBasedDeduplication: props.contentBasedDeduplication,
fifoTopic: props.fifo,
signatureVersion: props.signatureVersion,
deliveryStatusLogging: Lazy.any({ produce: () => this.renderLoggingConfigs() }, { omitEmptyArray: true }),
});

20 changes: 20 additions & 0 deletions packages/aws-cdk-lib/aws-sns/test/sns.test.ts
Expand Up @@ -156,6 +156,26 @@ describe('Topic', () => {
})).toThrow(/Content based deduplication can only be enabled for FIFO SNS topics./);

});

test('specify signatureVersion', () => {
const stack = new cdk.Stack();

new sns.Topic(stack, 'MyTopic', {
signatureVersion: '2',
});

Template.fromStack(stack).hasResourceProperties('AWS::SNS::Topic', {
'SignatureVersion': '2',
});
});

test('throw with incorrect signatureVersion', () => {
const stack = new cdk.Stack();

expect(() => new sns.Topic(stack, 'MyTopic', {
signatureVersion: '3',
})).toThrow(/signatureVersion must be "1" or "2", received: "3"/);
});
});

test('can add a policy to the topic', () => {
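
Review bot: Nothing in the added tests exercises the `Token.isUnresolved` branch of the new validation, the explicit `'1'` value, or the case where the prop is omitted; only `'2'` and the rejected `'3'` are covered. Add a test that passes an unresolved token and expects no throw, and one asserting that a topic created without `signatureVersion` renders no `SignatureVersion` property, so a later change to the guard cannot silently alter either path.
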