sns_topic - Fix Permission Issue for Cross Account Subscriptions (ansible-collections#1418)

sns_topic - Fix Permission Issue for Cross Account Subscriptions

SUMMARY

sns_topic currently fails with the following error if it has any cross account subscriptions:
Couldn't get subscription attributes for subscription arn:aws:sns:us-east-1:123412341234:my-sns-topic-name:555950dc-7c5f-416c-8f8e-e8f38eabfa54: An error occurred (AuthorizationError) when calling the GetSubscriptionAttributes operation: Not authorized to access this subscription

This happens, for example, when a Lambda function in account A is subscribed to an SNS topic in account B, as described here.
I believe this was caused by ansible-collections#640.
I am not sure how to write a test for this specific situation as it would require multiple AWS accounts.

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

sns_topic
ADDITIONAL INFORMATION



- community.aws.sns_topic:
    name: my-sns-topic-in-account-123412341234
    subscriptions:
      - endpoint: "arn:aws:lambda:us-east-1:567856785678:function:my-lambda-function-in-account-567856785678"
        protocol: lambda
    state: present

Reviewed-by: Mark Chappell <None>
ichekaldin authored and abikouo committed Sep 18, 2023
1 parent db520d1 commit 11d85fa
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions sns_topic.py
Expand Up @@ -519,8 +519,8 @@ def _set_topic_subs_attributes(self):
for sub in list_topic_subscriptions(self.connection, self.module, self.topic_arn):
sub_key = (sub['Protocol'], sub['Endpoint'])
sub_arn = sub['SubscriptionArn']
if sub_key not in self.desired_subscription_attributes:
# subscription isn't defined in desired, skipping
if not self.desired_subscription_attributes.get(sub_key):
# subscription attributes aren't defined in desired, skipping
continue

try:
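
Review bot: In `_set_topic_subs_attributes`, the new condition `if not self.desired_subscription_attributes.get(sub_key):` only avoids the lookup for subscriptions that declare no attributes, so a cross-account subscription that does declare attributes in the task still falls through to the `try:` block and, going by the error quoted in the commit message, would still fail with AuthorizationError on GetSubscriptionAttributes. Consider handling that error inside the try block (fail with a message that names the cross-account case, or skip with a warning) rather than relying on the attributes being empty. The truthiness test also changes behaviour for a subscription listed with an empty attributes mapping, which used to be processed and is now skipped; the updated comment covers this, but it deserves a line in the module documentation. The commit touches only sns_topic.py; a unit test that stubs the connection and asserts that no attribute lookup happens for a subscription with no desired attributes would cover this without needing a second AWS account.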