terraform-provider-aws: aws_sns_topic_subscription doesn't support unconfirmed endpoints

Community Note

  • Please vote on this issue by adding a đź‘Ť reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave “+1” or “me too” comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.11

  • provider.aws v1.60.0

Affected Resource(s)

  • aws_sns_topic_subscription

Expected Behavior

A subscription is created with an email endpoint (or non-auto-confirming HTTP endpoint). If the subscription is not confirmed, then the endpoint simply doesn’t receive any messages.

Actual Behavior

The resource doesn’t allow these subscriptions. The resource docs note that

These are unsupported because the endpoint needs to be authorized and does not generate an ARN until the target email address has been validated. This breaks the Terraform model and as a result are not currently supported.

However the SNS API includes a parameter ReturnSubscriptionArn which can be set to true to request that the ARN is returned even if the subscription isn’t confirmed. As such, an ARN is generated before the target email address has been validated, and this should then fit into Terraform’s model.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 62
  • Comments: 16 (9 by maintainers)

Most upvoted comments

What is the status of this? It is very annoying not to be able to subscribe via email within TF. The fix is trivial. How many people need to upvote to get this merged in?

+12
scastria on Mar 4, 2021

Not sure if I’m having the same issue, or a slightly different one with the same potential solution. I’m registering a subscription with the pagerduty HTTPS API, the subscription auto confirms, and I can confirm that in the console, but every subsequent build fails with “Error: Protocol http/https is only supported for endpoints which auto confirms!”

+8
crobo1337 on Oct 22, 2019

Hi all 👋 Just letting you know that this is issue is featured on this quarters roadmap. If a PR exists to close the issue a maintainer will review and either make changes directly, or work with the original author to get the contribution merged. If you have written a PR to resolve the issue please ensure the “Allow edits from maintainers” box is checked. Thanks for your patience and we are looking forward to getting this merged soon!

+3
breathingdust on Feb 3, 2022

I’m also having similar issues to @crobo1337 with similar messages, setting up pager duty subs.

+2
sagagliardo on Nov 4, 2019

Starting to look at this

+1
lxop on Mar 10, 2019
Read more comments on GitHub
← terraform-provider-aws: aws_security_group_rule: InvalidParameterValue: When protocol is ALL, you cannot specify from-port.
terraform-provider-aws: aws_spot_instance_request tags won't apply to instance →