/// <summary>
/// Saves a policy for this topic when additional subscriber accounts are supplied.
/// </summary>
/// <param name="additionalSubscriberAccounts">
/// Account identifiers passed to <c>SnsPolicy.SaveAsync</c> as <c>AccountIds</c>.
/// When the collection is empty, no call is made.
/// </param>
/// <returns>A task that completes once the policy save, if any, has finished.</returns>
/// <remarks>
/// The identifiers are forwarded unchanged; this method performs no validation of their format.
/// NOTE(review): they presumably end up as principals in the topic's access policy, so callers
/// should pass only vetted account identifiers. Confirm against <c>SnsPolicy.SaveAsync</c>.
/// </remarks>
public async Task EnsurePolicyIsUpdatedAsync(IReadOnlyCollection<string> additionalSubscriberAccounts)
{
    // Nothing to grant, so the topic is left alone.
    if (!additionalSubscriberAccounts.Any())
    {
        return;
    }

    var details = new SnsPolicyDetails
    {
        AccountIds = additionalSubscriberAccounts,
        SourceArn = Arn
    };

    await SnsPolicy.SaveAsync(details, _client).ConfigureAwait(false);
}
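/// <summary>
/// Builds the access policy for an SNS topic and stores it in the topic's <c>Policy</c> attribute.
/// </summary>
/// <param name="policyDetails">
/// Supplies the topic ARN (<c>SourceArn</c>) and the principals (<c>AccountIds</c>) allowed to subscribe.
/// </param>
/// <param name="client">SNS client used to send the <c>SetTopicAttributes</c> request.</param>
/// <returns>A task that completes when the request has finished.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="policyDetails"/> or <paramref name="client"/> is <c>null</c>.
/// </exception>
/// <remarks>
/// <para>
/// The first statement uses the wildcard principal and is restricted only by its
/// <c>StringEquals</c> condition on <c>AWS:SourceOwner</c>, which is set to the account id
/// extracted from the topic ARN. That statement covers management actions and
/// <c>sns:Publish</c>, so the condition must not be removed or loosened.
/// NOTE(review): check current AWS guidance on <c>AWS:SourceOwner</c> versus
/// <c>aws:SourceAccount</c> before reusing this pattern.
/// </para>
/// <para>
/// The second statement grants <c>sns:Subscribe</c> to every entry of <c>AccountIds</c> and has
/// no condition. Entries are not validated here, so a wildcard entry would make the topic
/// subscribable by any AWS principal. Validate the list before it reaches this method.
/// </para>
/// <para>
/// Writing the <c>Policy</c> attribute replaces the topic's whole policy document. Statements
/// added by other means are not merged in.
/// </para>
/// </remarks>
internal static async Task SaveAsync(SnsPolicyDetails policyDetails, IAmazonSimpleNotificationService client)
{
    if (policyDetails == null)
    {
        throw new ArgumentNullException(nameof(policyDetails));
    }

    if (client == null)
    {
        throw new ArgumentNullException(nameof(client));
    }

    var sourceAccountId = ExtractSourceAccountId(policyDetails.SourceArn);

    // Every value placed into the document is JSON-encoded, so a quote or backslash in the ARN
    // or account id cannot change the structure of the policy. The account id is formatted to
    // text first so it is always emitted as a JSON string.
    var topicArnJson = JsonSerializer.Serialize(policyDetails.SourceArn);
    var ownerAccountJson = JsonSerializer.Serialize($"{sourceAccountId}");
    var subscriberPrincipalsJson = JsonSerializer.Serialize(policyDetails.AccountIds);

    // Statement ids only need to be unique within the document; "N" yields 32 hex digits without dashes.
    var ownerStatementId = Guid.NewGuid().ToString("N");
    var subscriberStatementId = Guid.NewGuid().ToString("N");

    var policyJson = $@"{{
    ""Version"" : ""2012-10-17"",
    ""Statement"" : [
        {{
            ""Sid"" : ""{ownerStatementId}"",
            ""Effect"" : ""Allow"",
            ""Principal"" : {{
                ""AWS"" : ""*""
            }},
            ""Action"" : [
                ""sns:GetTopicAttributes"",
                ""sns:SetTopicAttributes"",
                ""sns:AddPermission"",
                ""sns:RemovePermission"",
                ""sns:DeleteTopic"",
                ""sns:Subscribe"",
                ""sns:Publish""
            ],
            ""Resource"" : {topicArnJson},
            ""Condition"" : {{
                ""StringEquals"" : {{
                    ""AWS:SourceOwner"" : {ownerAccountJson}
                }}
            }}
        }},
        {{
            ""Sid"" : ""{subscriberStatementId}"",
            ""Effect"" : ""Allow"",
            ""Principal"" : {{
                ""AWS"" : {subscriberPrincipalsJson}
            }},
            ""Action"" : ""sns:Subscribe"",
            ""Resource"" : {topicArnJson}
        }}
    ]
}}";

    var setTopicAttributesRequest = new SetTopicAttributesRequest(policyDetails.SourceArn, "Policy", policyJson);
    await client.SetTopicAttributesAsync(setTopicAttributesRequest).ConfigureAwait(false);
}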