Why am I getting Invalid SNS topic ARN when creating a Budget Alert

4
votes

I'm simply attempting to setup a budget alert buy am getting the error Invalid SNS topic ARN when attempting to specify an SNS ARN for the alert.

I followed the steps below:

  1. Created a new SNS Topic with SMS as the protocol.
  2. Created a subscription to the topic (a US phone number).
  3. Tested the subscription by sending a text (this worked).
  4. Copied the ARN under the ARN column on the Topics section in AWS SNS.
  5. Checked Notify via Amazon Simple Notification Service (SNS) topic and entered the ARN from #4.
  6. I get the error Invalid SNS topic ARN next to the SNS Topic ARN field, immediately after copying-and-pasting the ARN into the field.

What's up? I know it's the correct ARN because I copied it directly from the console. Also, as far as I understand, Budgets and their alerts aren't tied the a specific region, although SNS Topics are (the topic is in us-east-2 N. Virginia).

Please let me know if you need more specifics.

7
amazon-web-servicesamazon-sns
Could you please verify whether the SNS topic has the policy as mentioned in: docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/…sudo

7 Answers

10
votes

Make sure you have allowed budget.amazonaws.com to be able to publish messages to this SNS topic in the SNS topic's resource based policy.

Add the following statement to the policy

{
    "Sid": "ExampleSid123456789012",
    "Effect": "Allow",
    "Principal": {
        "Service": "budgets.amazonaws.com"
     },
    "Action": "SNS:Publish",
    "Resource": "your topic ARN"
}

Hope it works!

5
votes

I only got it fixed when I created a standard topic (FIFO didn't work).

enter image description here

2
votes

I got the same problem before, but was able to solved by these steps,

"Please comply with SNS ARN format"

enter image description here

My workaround was

-

1. Create an SNS Topic in US-EAST-1 region

2. Just used Basic Access policy

3. (Optional) publish and subscribe field, I used the option : Only the specified AWS account, pasted my AWS account ID

enter image description here

4. Edit SNS Topic and Enable access policy,by adding the service budgets.amazonaws.com , in SNS:Publish action just follow and copy the format in the picture below, Then saved

enter image description here

5. After successfully created the SNS topic , I reloaded the configure alert page, then pasted the SNS topic ARN. No more Errors and can already confirm budget,

enter image description here

You will receive a confirmation Email.

With this content

Congratulations, you have successfully verified your SNS topic for AWS Budgets! You can now receive your AWS Budgets notifications through this SNS topic.

0
votes

I had the same problem. Here is what I experienced.

  • Started to create AWS billing alert
  • Tried to use existing SNS topic, got the same error message you did. Interestingly if you have a syntax error in your SNS ARN you will get different error message 'Please comply with SNS ARN format'.
  • Thought that SNS topic should be in US-EAST region. Created one there just for billing alerts. Still same error message.
  • Realized that topic must have correct policy attached to it. Added policy statement similar to what @mmal suggested. Still same error message.

But then I just reloaded the page and tried to create billing alert from scratch.

And second time it worked!!

0
votes

Just as a minor point to this, after following the above steps, it still was not working. I discovered that if you have "Encryption" enabled on the SNS topic it will not work. Disabling this on the topic and refreshing the Budget edit screen fixed it!

0
votes

You need to add the policy just below "Statement": [ on the existing SNS Access policy.

{
  "Sid": "AWSBudgets-notification-1",
  "Effect": "Allow",
  "Principal": {
    "Service": "budgets.amazonaws.com"
  },
  "Action": "SNS:Publish",
  "Resource": "SNS-policy-ARN"
},

Makesure not to miss the comma at the end. SNS-policy-ARN is the ARN of the same SNS topic

0
votes

If you're running this in a .net application, with your AWS credentials in your ~/.AWS/credentials file, ensure that the Region that is defined in your appsettings.json matches the region in which your SNS Topic exists.

{
    "AWS": {
        "Profile": "myProfile",
        "Region": "eu-west-2"
    },
    ...