public async Task EnsurePolicyIsUpdatedAsync(IReadOnlyCollection <string> additionalSubscriberAccounts)
{
if (additionalSubscriberAccounts.Any())
{
var policyDetails = new SnsPolicyDetails
{
AccountIds = additionalSubscriberAccounts,
SourceArn = Arn
};
await SnsPolicy.SaveAsync(policyDetails, _client).ConfigureAwait(false);
}
}
internal static async Task SaveAsync(SnsPolicyDetails policyDetails, IAmazonSimpleNotificationService client)
{
var sourceAccountId = ExtractSourceAccountId(policyDetails.SourceArn);
var policyJson = $@"{{
""Version"" : ""2012-10-17"",
""Statement"" : [
{{
""Sid"" : ""{Guid.NewGuid().ToString().Replace("-", "")}"",
""Effect"" : ""Allow"",
""Principal"" : {{
""AWS"" : ""*""
}},
""Action"" : [
""sns:GetTopicAttributes"",
""sns:SetTopicAttributes"",
""sns:AddPermission"",
""sns:RemovePermission"",
""sns:DeleteTopic"",
""sns:Subscribe"",
""sns:Publish""
],
""Resource"" : ""{policyDetails.SourceArn}"",
""Condition"" : {{
""StringEquals"" : {{
""AWS:SourceOwner"" : ""{sourceAccountId}""
}}
}}
}},
{{
""Sid"" : ""{Guid.NewGuid().ToString().Replace("-", "")}"",
""Effect"" : ""Allow"",
""Principal"" : {{
""AWS"" : {JsonSerializer.Serialize(policyDetails.AccountIds)}
}},
""Action"" : ""sns:Subscribe"",
""Resource"" : ""{policyDetails.SourceArn}""
}}
]
}}";
var setQueueAttributesRequest = new SetTopicAttributesRequest(policyDetails.SourceArn, "Policy", policyJson);
await client.SetTopicAttributesAsync(setQueueAttributesRequest).ConfigureAwait(false);
}
