/// <summary>
/// This is a utility method which updates the policy of a queue to allow the
/// S3 bucket to publish events to it.
/// </summary>
/// <param name="queueUrl">The queue that will have its policy updated.</param>
/// <param name="bucket">The bucket that will be given access to send messages from.</param>
/// <returns>The ARN for the SQS queue. This can be used when setting up the S3 bucket notification.</returns>
public string AuthorizeS3ToSendMessage(string queueUrl, string bucket)
{
var getAttributeResponse = this.GetQueueAttributes(new GetQueueAttributesRequest
{
QueueUrl = queueUrl,
AttributeNames = new List <string> {
"All"
}
});
Policy policy;
if (!string.IsNullOrEmpty(getAttributeResponse.Policy))
{
policy = Policy.FromJson(getAttributeResponse.Policy);
}
else
{
policy = new Policy();
}
var sourceArn = string.Format(CultureInfo.InvariantCulture, "arn:aws:s3:*:*:{0}", bucket);
Statement statement = new Statement(Statement.StatementEffect.Allow);
statement.Actions.Add(SQSActionIdentifiers.SendMessage);
statement.Resources.Add(new Resource(getAttributeResponse.QueueARN));
statement.Conditions.Add(ConditionFactory.NewSourceArnCondition(sourceArn));
statement.Principals.Add(new Principal("*"));
if (!policy.CheckIfStatementExists(statement))
{
policy.Statements.Add(statement);
var policyString = policy.ToJson();
this.SetQueueAttributes(new SetQueueAttributesRequest
{
QueueUrl = queueUrl,
Attributes = new Dictionary <string, string>
{
{ "Policy", policyString }
}
});
}
return(getAttributeResponse.QueueARN);
}
public static void Save(string sourceArn, string queueArn, string queueUrl, IAmazonSQS client)
{
var topicArnWildcard = CreateTopicArnWildcard(sourceArn);
ActionIdentifier[] actions = { SQSActionIdentifiers.SendMessage };
Policy sqsPolicy = new Policy()
.WithStatements(new Statement(Statement.StatementEffect.Allow)
.WithPrincipals(Principal.AllUsers)
.WithResources(new Resource(queueArn))
.WithConditions(ConditionFactory.NewSourceArnCondition(topicArnWildcard))
.WithActionIdentifiers(actions));
SetQueueAttributesRequest setQueueAttributesRequest = new SetQueueAttributesRequest();
setQueueAttributesRequest.QueueUrl = queueUrl;
setQueueAttributesRequest.Attributes["Policy"] = sqsPolicy.ToJson();
client.SetQueueAttributes(setQueueAttributesRequest);
}
public Policy FunctionHandler(APIGatewayCustomAuthorizerRequest authEvent, ILambdaContext context)
{
try
{
// validate the token -- SIMPLY accept a silly tokens ;)
var token = authEvent.AuthorizationToken;
Policy policy;
if (CheckAuthorization(token) && "get".Equals(authEvent.HttpMethod, StringComparison.OrdinalIgnoreCase))
{
var policyStatementList = new List <Statement>();
var policyStatement = new Statement(Statement.StatementEffect.Allow);
var actionIdentifier = SNSActionIdentifiers.Publish; // ;)
policyStatement.Actions.Add(actionIdentifier);
policyStatement.Principals.Add(Principal.AllUsers);
var resource = new Resource("arn:aws:lambda:eu-west-1:166778461577:function:TriggerNotification");
policyStatement.Resources.Add(resource);
policyStatementList.Add(policyStatement);
// Add conditions
var condition = ConditionFactory.NewSourceArnCondition("*");
policyStatement.Conditions.Add(condition);
policy = new Policy("CallNotifierLambdaPolicy", policyStatementList);
}
else
{
var policyStatementList = new List <Statement>();
var policyStatement = new Statement(Statement.StatementEffect.Deny);
var actionIdentifier = SNSActionIdentifiers.AllSNSActions;
policyStatement.Actions.Add(actionIdentifier);
policy = new Policy("AccessDeniedPolicy", policyStatementList);
}
return(policy);
}
catch (Exception e)
{
Console.WriteLine("Error authorizing request. " + e.Message);
throw;
}
}
/// <summary>
/// Helper method for AuthorizeS3ToPublishAsync()
/// </summary>
/// <param name="attributes"></param>
/// <param name="topicArn"></param>
/// <param name="bucket"></param>
/// <param name="policy"></param>
/// <param name="statement"></param>
private static void GetNewPolicyAndStatementForTopicAttributes(Dictionary <string, string> attributes, string topicArn, string bucket, out Policy policy, out Statement statement)
{
if (attributes.ContainsKey("Policy") && !string.IsNullOrEmpty(attributes["Policy"]))
{
policy = Policy.FromJson(attributes["Policy"]);
}
else
{
policy = new Policy();
}
var sourceArn = string.Format(CultureInfo.InvariantCulture, "arn:aws:s3:*:*:{0}", bucket);
statement = new Statement(Statement.StatementEffect.Allow);
statement.Actions.Add(SNSActionIdentifiers.Publish);
statement.Resources.Add(new Resource(topicArn));
statement.Conditions.Add(ConditionFactory.NewSourceArnCondition(sourceArn));
statement.Principals.Add(new Principal("*"));
}
/// <summary>
/// Helper method for AuthorizeS3ToSendMessage()
/// </summary>
/// <param name="response"></param>
/// <param name="bucket"></param>
/// <param name="policy"></param>
/// <param name="statement"></param>
private static void GetNewPolicyAndStatement(GetQueueAttributesResponse response, string bucket, out Policy policy, out Statement statement)
{
if (!string.IsNullOrEmpty(response.Policy))
{
policy = Policy.FromJson(response.Policy);
}
else
{
policy = new Policy();
}
var sourceArn = string.Format(CultureInfo.InvariantCulture, "arn:aws:s3:*:*:{0}", bucket);
statement = new Statement(Statement.StatementEffect.Allow);
statement.Actions.Add(SQSActionIdentifiers.SendMessage);
statement.Resources.Add(new Resource(response.QueueARN));
statement.Conditions.Add(ConditionFactory.NewSourceArnCondition(sourceArn));
statement.Principals.Add(new Principal("*"));
}
public void TestIfStatementAlreadyExists()
{
var policy = new Policy();
Statement statement = new Statement(Statement.StatementEffect.Allow);
statement.Actions.Add(SQSActionIdentifiers.SendMessage);
statement.Resources.Add(new Resource("the:queue:arn"));
statement.Conditions.Add(ConditionFactory.NewSourceArnCondition("source:arn"));
statement.Principals.Add(new Principal("*"));
policy.Statements.Add(statement);
Statement newStatement = new Statement(Statement.StatementEffect.Allow);
newStatement.Actions.Add(SQSActionIdentifiers.SendMessage);
newStatement.Resources.Add(new Resource("the:queue:arn"));
newStatement.Conditions.Add(ConditionFactory.NewSourceArnCondition("source:arn"));
newStatement.Principals.Add(new Principal("*"));
Assert.IsTrue(policy.CheckIfStatementExists(newStatement));
newStatement.Effect = Statement.StatementEffect.Deny;
Assert.IsFalse(policy.CheckIfStatementExists(newStatement));
newStatement.Effect = Statement.StatementEffect.Allow;
Assert.IsTrue(policy.CheckIfStatementExists(newStatement));
newStatement.Actions.Add(SQSActionIdentifiers.AddPermission);
Assert.IsFalse(policy.CheckIfStatementExists(newStatement));
newStatement.Actions.Remove(SQSActionIdentifiers.AddPermission);
Assert.IsTrue(policy.CheckIfStatementExists(newStatement));
newStatement.Principals.Add(new Principal("data"));
Assert.IsFalse(policy.CheckIfStatementExists(newStatement));
newStatement.Principals.RemoveAt(1);
Assert.IsTrue(policy.CheckIfStatementExists(newStatement));
newStatement.Conditions[0].ConditionKey = "new:arn";
Assert.IsFalse(policy.CheckIfStatementExists(newStatement));
}
public async Task <ISubscription> SubscribeAsync(String topic)
{
var amazonTopic = await amazonSnsClient.CreateTopicAsync(new CreateTopicRequest()
{
Name = topic
});
var queue = await amazonSqsClient.CreateQueueAsync(new CreateQueueRequest()
{
QueueName = Guid.NewGuid().ToString()
});
var queueAttributes = await amazonSqsClient.GetQueueAttributesAsync(new GetQueueAttributesRequest()
{
AttributeNames = new List <String>(new String[] { "QueueArn" }),
QueueUrl = queue.QueueUrl
});
var policy = new Policy()
.WithStatements(
new Statement(Statement.StatementEffect.Allow)
.WithPrincipals(Principal.AllUsers)
.WithConditions(ConditionFactory.NewSourceArnCondition(amazonTopic.TopicArn))
.WithResources(new Resource(queueAttributes.QueueARN))
.WithActionIdentifiers(SQSActionIdentifiers.SendMessage));
await amazonSqsClient.SetQueueAttributesAsync(queue.QueueUrl, new Dictionary <String, String>()
{
["Policy"] = policy.ToJson()
});
await amazonSnsClient.SubscribeAsync(new SubscribeRequest()
{
Endpoint = queueAttributes.QueueARN,
Protocol = "sqs",
TopicArn = amazonTopic.TopicArn
});
var subscription = amazonSubscriptionFactory.Create(queue.QueueUrl);
return(subscription);
}
public static async Task SaveAsync(string sourceArn, string queueArn, string queueUrl, IAmazonSQS client)
{
var topicArnWildcard = CreateTopicArnWildcard(sourceArn);
ActionIdentifier[] actions = { SQSActionIdentifiers.SendMessage };
var sqsPolicy = new Policy()
.WithStatements(new Statement(Statement.StatementEffect.Allow)
.WithPrincipals(Principal.AllUsers)
.WithResources(new Resource(queueArn))
.WithConditions(ConditionFactory.NewSourceArnCondition(topicArnWildcard))
.WithActionIdentifiers(actions));
var setQueueAttributesRequest = new SetQueueAttributesRequest
{
QueueUrl = queueUrl,
Attributes = { ["Policy"] = sqsPolicy.ToJson() }
};
await client.SetQueueAttributesAsync(setQueueAttributesRequest).ConfigureAwait(false);
}
/// <summary>
/// This is a utility method which updates the policy of a topic to allow the
/// S3 bucket to publish events to it.
/// </summary>
/// <param name="topicArn">The topic that will have its policy updated.</param>
/// <param name="bucket">The bucket that will be given access to publish from.</param>
public void AuthorizeS3ToPublish(string topicArn, string bucket)
{
var attributes = this.GetTopicAttributes(new GetTopicAttributesRequest
{
TopicArn = topicArn
}).Attributes;
Policy policy;
if (attributes.ContainsKey("Policy") && !string.IsNullOrEmpty(attributes["Policy"]))
{
policy = Policy.FromJson(attributes["Policy"]);
}
else
{
policy = new Policy();
}
var sourceArn = string.Format(CultureInfo.InvariantCulture, "arn:aws:s3:*:*:{0}", bucket);
Statement newStatement = new Statement(Statement.StatementEffect.Allow);
newStatement.Actions.Add(SNSActionIdentifiers.Publish);
newStatement.Resources.Add(new Resource(topicArn));
newStatement.Conditions.Add(ConditionFactory.NewSourceArnCondition(sourceArn));
newStatement.Principals.Add(new Principal("*"));
if (!policy.CheckIfStatementExists(newStatement))
{
policy.Statements.Add(newStatement);
var policyString = policy.ToJson();
this.SetTopicAttributes(new SetTopicAttributesRequest
{
TopicArn = topicArn,
AttributeName = "Policy",
AttributeValue = policyString
});
}
}
public static void Main(string[] args)
{
const bool useEasySubscription = false;
var sns = new AmazonSimpleNotificationServiceClient();
var sqs = new AmazonSQSClient();
string nameOfNewTopic = args[0]; //Sanitise this to ensure no illegal characters.
var emailAddress = args[1];
try
{
var topicArn = sns.CreateTopic(
new CreateTopicRequest {
Name = nameOfNewTopic
}).TopicArn;
sns.SetTopicAttributes(new SetTopicAttributesRequest
{
TopicArn = topicArn,
AttributeName = "DisplayName",
AttributeValue = "Sample Notifications"
});
RetrieveAllTopics(sns);
if (string.IsNullOrEmpty(emailAddress) == false)
{
// Subscribe an endpoint - in this case, an email address
Console.WriteLine();
Console.WriteLine("Subscribing email address {0} to topic...", emailAddress);
sns.Subscribe(new SubscribeRequest
{
TopicArn = topicArn,
Protocol = "email",
Endpoint = emailAddress
});
// When using email, recipient must confirm subscription
Console.WriteLine();
Console.WriteLine("Please check your email and press enter when you are subscribed...");
Console.ReadLine();
}
Console.WriteLine();
var sqsRequest = new CreateQueueRequest
{
QueueName = "MyExperimentQueue"
};
var createQueueResponse = sqs.CreateQueue(sqsRequest);
var myQueueUrl = createQueueResponse.QueueUrl;
var myQueueArn = sqs.GetQueueAttributes(
new GetQueueAttributesRequest
{
QueueUrl = myQueueUrl,
AttributeNames = new List <string> {
"All"
}
}).QueueARN;
ListQueues(sqs);
if (myQueueArn != null)
{
//https://aws.amazon.com/blogs/developer/subscribing-an-sqs-queue-to-an-sns-topic/
if (useEasySubscription)
{
sns.SubscribeQueue(topicArn, sqs, myQueueUrl);
}
else
{
var subscribeRequest = new SubscribeRequest(topicArn, "SQS", myQueueArn);
sns.Subscribe(subscribeRequest);
ActionIdentifier[] actions = new ActionIdentifier[2];
actions[0] = SQSActionIdentifiers.SendMessage;
actions[1] = SQSActionIdentifiers.ReceiveMessage;
Policy sqsPolicy = new Policy()
.WithStatements(new Statement(Statement.StatementEffect.Allow)
.WithPrincipals(Principal.AllUsers)
.WithResources(new Resource(myQueueArn))
.WithConditions(ConditionFactory.NewSourceArnCondition(topicArn))
.WithActionIdentifiers(actions));
var attributeDictionary = new Dictionary <string, string>();
attributeDictionary.Add("Policy", sqsPolicy.ToJson());
var attributes = new SetQueueAttributesRequest {
QueueUrl = myQueueUrl, Attributes = attributeDictionary
};
sqs.SetQueueAttributes(attributes);
}
Thread.Sleep(TimeSpan.FromSeconds(5));
// Publish message
Console.WriteLine();
Console.WriteLine("Publishing message to topic...");
sns.Publish(new PublishRequest
{
Subject = "Test",
Message = "Testing testing 1 2 3",
TopicArn = topicArn
});
var receivedMessageResponse = ReceiveMessage(sqs, myQueueUrl);
DeleteReceivedMessage(receivedMessageResponse, myQueueUrl, sqs);
}
//Console.WriteLine();
//Console.WriteLine("Deleting topic...");
//sns.DeleteTopic(new DeleteTopicRequest
//{
// TopicArn = topicArn
//});
}
catch (AmazonSimpleNotificationServiceException ex)
{
Console.WriteLine("Caught Exception: " + ex.Message);
Console.WriteLine("Response Status Code: " + ex.StatusCode);
Console.WriteLine("Error Code: " + ex.ErrorCode);
Console.WriteLine("Error Type: " + ex.ErrorType);
Console.WriteLine("Request ID: " + ex.RequestId);
}
Console.WriteLine();
Console.WriteLine("Press enter to exit...");
Console.ReadLine();
}
public static async Task CheckSqsPolicy(this IAmazonInternalSettings amazonInternalSettings, ITransactionContext transactionContext, string destinationQueueUrlByName, SqsInfo sqsInformation, string topicArn)
{
var logger = amazonInternalSettings.RebusLoggerFactory.GetLogger();
var sqsClient = amazonInternalSettings.CreateSqsClient(transactionContext);
var attributes = await sqsClient.GetAttributesAsync(destinationQueueUrlByName);
var policyKey = "Policy";
var statement = new Statement(Statement.StatementEffect.Allow).WithPrincipals(Principal.AllUsers).WithResources(new Resource(sqsInformation.Arn)).WithConditions(ConditionFactory.NewSourceArnCondition(topicArn)).WithActionIdentifiers(SQSActionIdentifiers.SendMessage);
Policy sqsPolicy;
var setPolicy = false;
if (attributes.ContainsKey(policyKey))
{
logger.Debug($"Updating existing policy on sqs queue {0} for topic {1}", sqsInformation.Url, topicArn);
var policyString = attributes[policyKey];
attributes = new Dictionary <string, string>();
sqsPolicy = Policy.FromJson(policyString);
if (sqsPolicy.CheckIfStatementExists(statement) == false)
{
sqsPolicy = sqsPolicy.WithStatements(statement);
attributes.Add(policyKey, sqsPolicy.ToJson());
setPolicy = true;
}
}
else
{
logger.Debug($"Creating policy on sqs queue {0} for topic {1}", sqsInformation.Url, topicArn);
attributes = new Dictionary <string, string>();
sqsPolicy = new Policy().WithStatements(statement);
attributes.Add(policyKey, sqsPolicy.ToJson());
setPolicy = true;
}
if (setPolicy)
{
await sqsClient.SetAttributesAsync(sqsInformation.Url, attributes);
}
}