Setting up an SNS message integration

Below are the steps to set up a new AWS SNS message integration with Rightsline:

  1. Determine the actions and char types of the messages in which you are interested.

  2. Create an SQS queue in your AWS account. The queue can be either Standard or FIFO.

  3. Modify the access policy for the SQS queue to allow the Rightsline AWS account to publish messages to the queue. The policy should grant the sqs:SendMessage permission to SNS topics in the Rightsline AWS account (ID 013474081760), like the following:

    {
      "Statement": [{
        "Effect":"Allow",
        "Principal": {
          "Service": "sns.amazonaws.com"
        },
        "Action":"sqs:SendMessage",
        "Resource":"{your_queue_ARN}",
        "Condition":{
          "ArnEquals":{
            "aws:SourceArn":"arn:aws:sns:us-west-2:013474081760:*"
          }
        }
      }]
    }

  4. Set the message retention period on the SQS queue to at least 4 days so that subscription confirmation messages are not automatically deleted. More information can be found here.

  5. Contact Rightsline Support with the actions and the char types (from Step 1), your AWS Account ID number, and the Rightsline environment(s) that you would like messages for so that we can create the necessary SNS topics and IAM role(s) with the proper permissions.

  6. Rightsline will create the SNS topics and IAM role(s) that will be provided to you (per environment). Topics will have the following format: {environment}-rtl-div{client_id}-{version}-ct{char_type_id} (see SNS topic names for more details).

  7. To configure an AWS profile for your new IAM role, you can use the AWS CLI and run the following commands. Remember to replace <ROLE_ARN>, <EXTERNAL_ID>, and <REGION> with the values provided in step 3.

    aws configure --profile rl-sns-profile set role_arn <ROLE_ARN>
    aws configure --profile rl-sns-profile set external_id <EXTERNAL_ID>
    aws configure --profile rl-sns-profile set role_session_name rl-sns-session
    aws configure --profile rl-sns-profile set source_profile default
    aws configure --profile rl-sns-profile set region <REGION>

  8. You should then be able to subscribe to the provided SNS topics. Replace <TOPIC_ARN> with the value provided in step 6 and <QUEUE_ARN> with the ARN of your SQS queue.

    aws sns subscribe --topic-arn <TOPIC_ARN> --protocol sqs --notification-endpoint <QUEUE_ARN> --profile rl-sns-profile

  9. If the subscription is successful, you will receive a Pending Subscription message.

  10. Poll the SQS queue for messages. If messages are found in the queue, open the contents of the message and locate the SubscribeURL. Copy the URL into a web browser and press Enter. You should receive a message that the subscription is now confirmed, and you will start to receive messages in your SQS queue.
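Before opening the SubscribeURL from step 10, it is worth checking that the confirmation really refers to a topic in the Rightsline account and that the URL points at the regional SNS endpoint. The following is an added example, not Rightsline's own code; the function name, the sample message, and the use of us-west-2 (taken from the step 3 policy) are assumptions.

```python
import json
from urllib.parse import urlparse, parse_qs

RIGHTSLINE_ACCOUNT = "013474081760"  # account ID from the step 3 policy
EXPECTED_REGION = "us-west-2"        # assumption: region from the step 3 SourceArn

def confirmation_url(sqs_body):
    """Return SubscribeURL if the SQS body is a confirmation for an expected topic."""
    msg = json.loads(sqs_body)
    if not isinstance(msg, dict) or msg.get("Type") != "SubscriptionConfirmation":
        raise ValueError("not a SubscriptionConfirmation message")
    topic_arn = str(msg.get("TopicArn", ""))
    parts = topic_arn.split(":")  # arn:aws:sns:<region>:<account>:<topic>
    if len(parts) != 6 or parts[:3] != ["arn", "aws", "sns"]:
        raise ValueError("malformed TopicArn")
    if parts[3] != EXPECTED_REGION or parts[4] != RIGHTSLINE_ACCOUNT:
        raise ValueError("topic is not in the expected account and region")
    subscribe_url = str(msg.get("SubscribeURL", ""))
    url = urlparse(subscribe_url)
    # .hostname is the real host even if the URL carries userinfo ("a@b")
    if url.scheme != "https" or url.hostname != f"sns.{EXPECTED_REGION}.amazonaws.com":
        raise ValueError("SubscribeURL does not point at the regional SNS endpoint")
    if url.port not in (None, 443):
        raise ValueError("SubscribeURL uses an unexpected port")
    query = parse_qs(url.query)
    if query.get("Action") != ["ConfirmSubscription"]:
        raise ValueError("SubscribeURL is not a ConfirmSubscription request")
    if query.get("TopicArn") != [topic_arn]:
        raise ValueError("SubscribeURL confirms a different topic")
    return subscribe_url

# Constructed sample; the topic name and token are made-up placeholders.
SAMPLE_TOPIC = f"arn:aws:sns:{EXPECTED_REGION}:{RIGHTSLINE_ACCOUNT}:prod-rtl-div0-v1-ct1"
SAMPLE = {
    "Type": "SubscriptionConfirmation",
    "TopicArn": SAMPLE_TOPIC,
    "Token": "CONSTRUCTED-TOKEN",
    "SubscribeURL": f"https://sns.{EXPECTED_REGION}.amazonaws.com/"
                    f"?Action=ConfirmSubscription&TopicArn={SAMPLE_TOPIC}"
                    "&Token=CONSTRUCTED-TOKEN",
}

if __name__ == "__main__":
    print(confirmation_url(json.dumps(SAMPLE)))
```

Pass the function the Body of each message received from the queue; it raises ValueError for anything that should not be confirmed.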
