Amazon SNS

You can configure Amazon SNS only as a target.

To configure the connection details for Amazon SNS in your Micro-Integration, see Amazon SNS Connection Parameters.

You must also define at least one Micro-Integration Flow that specifies:

For a listing of available message headers, see Amazon SNS Message Headers.

Amazon SNS Connection Parameters

The following table describes the connection parameters for Amazon SNS.

Field Description

AWS Region

The AWS region for this SNS topic.

Authentication Scheme

The authentication scheme to use when connecting to Amazon SNS. One of:

  • AWS Access Key—Additional configuration is required. For more information, see AWS Access Key.

  • AWS Chained IAM Role Assumption—Additional configuration is required. For more information, see AWS Chained IAM Role Assumption.

Authentication using AWS Chained IAM Role Assumption is supported only for event brokers hosted on AWS.

AWS Access Key

Field Description

AWS Access Key

An AWS Access Key ID.

AWS Secret Key

The Secret Key associated with the Access Key ID.

AWS Chained IAM Role Assumption

Chained IAM role assumption allows Micro-Integrations to securely access AWS resources across different AWS accounts without requiring direct credential exchange. Chained IAM role assumption works through a trust relationship between AWS accounts:

  • The resource owner creates an IAM role (solace-mi-workload-role) in their AWS account, and configures it with the specific permissions required.

  • This role is configured to trust the Solace AWS account's role (single-pod-identity-role in account 718462147973).

  • When a Micro-Integration needs to access the resource, it uses the trust chain to temporarily assume the necessary permissions, as follows:

    [Assume single-pod-identity-role] → [Get credentials to assume solace-mi-workload-role] → 
    [Assume solace-mi-workload-role] → [Get credentials to access the target vendor resource] → 
    [Access the resource]

The resource owner must do the following:

  1. Create a role called solace-mi-workload-role in the resource owner's AWS account and attach the following trust policy:

    {
      "Version":"2012-10-17",
      "Statement":[{
        "Effect":"Allow",
        "Principal":{
          "AWS":"arn:aws:iam::718462147973:role/single-pod-identity-role"
        },
        "Action":[
          "sts:TagSession",
          "sts:AssumeRole"
        ]
      }]
    }

  2. Attach the required resource permissions to the solace-mi-workload-role. The minimum required permissions are:

    • sns:Publish

    • sns:ListTopics

    • sns:CreateTopic

The following table describes the parameters for configuring authentication using chained IAM role assumption.

Field Description

AWS Account ID

The 12-digit AWS Account ID to be used for IAM role assumption. This must be the account where the solace-mi-workload-role exists.

Session Name

The name to use for the assumed role session (defaults to solace-mi-workload-session if not provided).

External ID

An optional external ID to use if the resource owner's trust policy requires it.

To configure it, the resource owner must separate the sts:TagSession and sts:AssumeRole actions into different statements in the solace-mi-workload-role trust policy and add the following condition to the sts:AssumeRole statement:

    "Condition":{
      "StringEquals":{
        "sts:ExternalId":"<your_external_id_string>"
      }
    }
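
The following Python example is added here and is not Solace's own code: it builds the trust policy with sts:TagSession and sts:AssumeRole in separate statements, as described above, and audits an existing trust policy for that layout. The function names and the sample external ID are assumptions made for illustration; the role ARN is the one given on this page.

```python
import json
# Role ARN from this page; function names and the sample external ID are assumptions.
SOLACE_ROLE = "arn:aws:iam::718462147973:role/single-pod-identity-role"

def _as_list(value):
    # IAM accepts a single string wherever a list is allowed.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def build_trust_policy(external_id):
    """Trust policy with sts:TagSession and sts:AssumeRole in separate statements."""
    principal = {"AWS": SOLACE_ROLE}
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:TagSession"},
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole",
         "Condition": {"StringEquals": {"sts:ExternalId": external_id}}},
    ]}

def audit_trust_policy(policy, external_id):
    """Return findings; an empty list means the policy matches the layout above."""
    findings, seen = [], set()
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        who = _as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        if who != [SOLACE_ROLE]:
            findings.append(f"statement {i}: unexpected principal {who}")
        actions = _as_list(stmt.get("Action"))
        for action in actions:
            if action in ("sts:AssumeRole", "sts:TagSession"):
                seen.add(action)
            else:
                findings.append(f"statement {i}: unexpected action {action}")
        if "sts:AssumeRole" in actions:
            if len(actions) > 1:
                findings.append(f"statement {i}: sts:AssumeRole shares a statement")
            condition = stmt.get("Condition", {}).get("StringEquals", {})
            if condition.get("sts:ExternalId") != external_id:
                findings.append(f"statement {i}: sts:ExternalId condition missing or wrong")
    for action in ("sts:AssumeRole", "sts:TagSession"):
        if action not in seen:
            findings.append(f"no Allow statement for {action}")
    return findings

if __name__ == "__main__":
    policy = build_trust_policy("example-external-id")  # constructed sample value
    print(json.dumps(policy, indent=2))
    print(audit_trust_policy(policy, "example-external-id") or "policy OK")
```

Run against the single-statement trust policy shown earlier on this page, the audit reports both the shared statement and the missing external ID condition.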

Micro-Integration Flow Parameters

You must configure the endpoint parameters for each Flow. Each Flow can have different settings, but they all share the connection details of the parent Micro-Integration.

Amazon SNS Target Parameters

The following table describes the parameters for configuring Amazon SNS as a target.

Setting a Smart Topic Destination on the Mappings step overrides the target destination field set on the Details step.

Field Description
Destination

The target SNS Topic name or Amazon Resource Name (ARN).

If you provide the SNS topic name:

  • If the SNS topic does not exist, the Micro-Integration attempts to create the topic and then returns its ARN.
  • If the SNS topic already exists, the Micro-Integration returns the ARN for the existing topic.

When you provide the SNS topic name, the account configured for the Micro-Integration must have the necessary SNS create permissions; otherwise, the creation process fails due to insufficient access.

For example, you can specify an ARN value as follows:

arn:aws:sns:us-east-2:123456789012:MyTopic