Setting up an SNS message integration
Below are the steps to set up a new AWS SNS message integration with Rightsline:
- 1.
- 2. Create an SQS queue in your AWS account. The queue can be either Standard or FIFO.
- 3. Modify the access policy for the SQS queue to allow the Rightsline AWS account to publish messages to the queue. The Rightsline AWS account ID `013474081760` should be granted the `sqs:SendMessage` permission like the following:

  ```json
  {
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {"Service": "sns.amazonaws.com"},
        "Action": "sqs:SendMessage",
        "Resource": "{your_queue_ARN}",
        "Condition": {
          "ArnEquals": {"aws:SourceArn": "arn:aws:sns:us-west-2:013474081760:*"}
        }
      }
    ]
  }
  ```

  The `aws:SourceArn` condition limits delivery to SNS topics owned by that account in `us-west-2`.
- 4. Ensure the message retention period on the SQS queue is set to at least 4 days so that subscription confirmation messages are not automatically deleted. More information can be found here.
- 5. Contact Rightsline Support with the actions and the char types (from Step 1), your AWS Account ID number, and the Rightsline environment(s) that you would like messages for so that we can create the necessary SNS topics and IAM role(s) with the proper permissions.
- 6. Rightsline will create the SNS topics and IAM role(s) that will be provided to you (per environment). Topics will have the following format:

  `{environment}-rtl-div{client_id}-{version}-ct{char_type_id}`

  See SNS topic names for more details.
- 7. To configure an AWS profile for your new IAM role, you can use the AWS CLI and run the following commands. Remember to replace `<ROLE_ARN>`, `<EXTERNAL_ID>`, and `<REGION>` with the values provided in step 3.

  ```bash
  aws configure --profile rl-sns-profile set role_arn <ROLE_ARN>
  aws configure --profile rl-sns-profile set external_id <EXTERNAL_ID>
  aws configure --profile rl-sns-profile set role_session_name rl-sns-session
  aws configure --profile rl-sns-profile set source_profile default
  aws configure --profile rl-sns-profile set region <REGION>
  ```
- 8. You should then be able to subscribe to the provided SNS topics. Replace `<TOPIC_ARN>` with the value provided in step 6 and `<QUEUE_ARN>` with the ARN of your SQS queue.

  ```bash
  aws sns subscribe --topic-arn <TOPIC_ARN> --protocol sqs --notification-endpoint <QUEUE_ARN> --profile rl-sns-profile
  ```
- 9. If the subscription is successful, you will receive a Pending Subscription message.
- 10. Poll the SQS queue for messages. If messages are found on the queue, open the contents of the message and locate the `SubscribeURL`. Copy the URL into a web browser and press Enter. You should receive a message that the subscription is now confirmed, and you will start to receive messages in your SQS queue.
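Before opening the `SubscribeURL` from step 10, it is worth checking that the message really is a confirmation for a topic in the Rightsline account and that the URL points at the regional SNS endpoint. The Python sketch below is an added example, not Rightsline's code: the function name `check_confirmation` and the sample messages (topic name, token) are constructed for illustration, and it assumes the standard `aws` partition.

```python
import json
from urllib.parse import urlparse, parse_qs

RIGHTSLINE_ACCOUNT_ID = "013474081760"  # account ID stated in step 3


def check_confirmation(body, expected_account=RIGHTSLINE_ACCOUNT_ID):
    """Return (subscribe_url, problems). Open the URL only if problems == []."""
    try:
        msg = json.loads(body)
    except ValueError:
        return None, ["body is not JSON"]
    if not isinstance(msg, dict):
        return None, ["body is not a JSON object"]
    problems = []
    if msg.get("Type") != "SubscriptionConfirmation":
        problems.append("Type is not SubscriptionConfirmation")
    topic_arn = str(msg.get("TopicArn", ""))
    arn = topic_arn.split(":")  # arn:aws:sns:<region>:<account>:<topic>
    region = arn[3] if len(arn) == 6 and arn[:3] == ["arn", "aws", "sns"] else None
    if region is None:
        problems.append("TopicArn is not an SNS topic ARN")
    elif arn[4] != expected_account:
        problems.append("topic is owned by account " + arn[4])
    url = str(msg.get("SubscribeURL", ""))
    parts = urlparse(url)
    query = parse_qs(parts.query)
    if parts.scheme != "https":
        problems.append("SubscribeURL is not https")
    # Assumption: standard "aws" partition, so the host is sns.<region>.amazonaws.com
    if region and parts.hostname != "sns." + region + ".amazonaws.com":
        problems.append("SubscribeURL host is not the regional SNS endpoint")
    if query.get("Action") != ["ConfirmSubscription"]:
        problems.append("SubscribeURL Action is not ConfirmSubscription")
    if query.get("TopicArn") != [topic_arn]:
        problems.append("SubscribeURL confirms a different topic")
    return url, problems


# Constructed sample messages (topic name and token are made up).
TOPIC = "arn:aws:sns:us-west-2:013474081760:env-rtl-div0-v1-ct1"
URL = ("https://sns.us-west-2.amazonaws.com/?Action=ConfirmSubscription"
       "&TopicArn=" + TOPIC + "&Token=EXAMPLETOKEN")
GOOD = json.dumps({"Type": "SubscriptionConfirmation", "TopicArn": TOPIC, "SubscribeURL": URL})
BAD = GOOD.replace("013474081760", "111111111111")  # topic in an unexpected account

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_confirmation(body)[1])
```

This checks only the envelope fields of the message; it does not verify the SNS message signature.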
Last modified 6mo ago