I'm modifying an AWS CloudFormation template with the intention of ensuring that SNS Topic A is the only topic that can publish to SQS Queue 1 and SQS Queue 2. This is what I have:
    SomeOtherQueue:
      Type: AWS::SQS::Queue
    InboundQueue:
      Type: AWS::SQS::Queue
    InboundCopyQueue:
      Type: AWS::SQS::Queue
    InboundTopic:
      Type: AWS::SNS::Topic
      Properties:
        Subscription:
          - Endpoint:
              Fn::GetAtt:
                - InboundQueue
                - Arn
            Protocol: sqs
    InboundQueuePolicy:
      Type: AWS::SQS::QueuePolicy
      Properties:
        PolicyDocument:
          Version: '2012-10-17'
          Id: InboundQueuePolicy
          Statement:
            - Sid: Allow-SendMessage-To-Inbound-Queue-Only
              Effect: Allow
              Principal:
                Service:
                  - sns.amazonaws.com
              Action:
                - sqs:SendMessage
              Resource: "*"
        Queues:
          - Ref: InboundQueue
          - Ref: InboundCopyQueue
The above defines a set of queues, a topic with a subscription to some of the relevant queues, and a queue policy that is meant to restrict which topic can publish to the referenced queues.
What I'm trying to understand is how to go about ensuring that InboundQueuePolicy applies to InboundTopic only. I cannot seem to find the correct syntax for referencing InboundTopic as the resource for InboundQueuePolicy.
Any assistance with getting the correct syntax would be greatly appreciated.
Thanks
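One way to scope the policy to InboundTopic alone, as an added example that is not the asker's template: keep the sns.amazonaws.com service principal but add a Condition on aws:SourceArn (Ref on an AWS::SNS::Topic returns the topic ARN), and replace the wildcard Resource with the ARNs of the two queues so the statement cannot be satisfied by any other topic, including topics in other accounts. The resource names are the ones from the question.

```yaml
InboundQueuePolicy:
  Type: AWS::SQS::QueuePolicy
  Properties:
    PolicyDocument:
      Version: '2012-10-17'
      Id: InboundQueuePolicy
      Statement:
        - Sid: Allow-SendMessage-From-InboundTopic-Only
          Effect: Allow
          # Service principal alone would admit any SNS topic; the Condition narrows it.
          Principal:
            Service:
              - sns.amazonaws.com
          Action:
            - sqs:SendMessage
          # Name the queues explicitly instead of "*".
          Resource:
            - Fn::GetAtt:
                - InboundQueue
                - Arn
            - Fn::GetAtt:
                - InboundCopyQueue
                - Arn
          # Only deliveries originating from InboundTopic match this statement.
          Condition:
            ArnEquals:
              aws:SourceArn:
                Ref: InboundTopic
    Queues:
      - Ref: InboundQueue
      - Ref: InboundCopyQueue
```

Note that the template in the question subscribes only InboundQueue to the topic; InboundCopyQueue needs its own subscription entry for SNS to deliver to it at all.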