Error when adding permissions to an Amazon SNS topic when using the .NET libraries

StackOverflow https://stackoverflow.com/questions/4061836

  •  27-09-2019
  •  | 
  •  

Question

When attempting to add permissions to an Amazon SNS topic using the AWS SDK for .NET/1.1.0.1 using code similar to the following:

AddPermissionRequest request = new AddPermissionRequest()
    .WithActionNames(new[] { "Publish" })
    .WithAWSAccountIds(new[] { "xxx" })
    .WithLabel("PrincipleAllowControl")
    .WithTopicArn(resourceName);
client.AddPermission(request);

The following error message is returned:

<ErrorResponse xmlns=" http://sns.amazonaws.com/doc/2010-03-31/">
  <Error>
    <Type>Sender</Type>
    <Code>ValidationError</Code>
    <Message>2 validation errors detected: Value null at 'actionName' failed to satisfy constraint: Member must not be null; Value null at 'aWSAccountId' failed to satisfy constraint: Member must not be null</Message>
  </Error>
  <RequestId>45054159-e46b-11df-9b30-693941920fe7</RequestId>
</ErrorResponse>
Was it helpful?

Solution

Update - This has been resolved in the latest version of the .NET API so anyone still encountering this problem should upgrade to the 1.1.1 version of the API.

Took me awhile to figure out what was going on and I ended up having to use the HTTP version of the clients as well as Wireshark to watch what was happening, but it appears that there is a bug in AWS SDK for .NET/1.1.0.1. When I wrote a similar function using the AWS SDK for Java things proved to work fine, the following is a small block of that code:

AddPermissionRequest permissionRequest = new AddPermissionRequest()
   .withActionNames("Publish")
   .withAWSAccountIds("xxx")
   .withLabel("PrincipleAllowControl")
   .withTopicArn(resourceName);
client.addPermission(permissionRequest);

Watching what was happening via Wireshark turned up the following, with some minor censoring and editing for clarity:

POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=utf-8
User-Agent: AWS Java SDK-1.0.14
Host: sns.us-east-1.amazonaws.com
Content-Length: 419

Action=AddPermission&
SignatureMethod=HmacSHA256&
Label=PrincipleAllowControl&
ActionName.member.1=Publish&
AWSAccessKeyId=xxx&
Version=2010-03-31&
AWSAccountId.member.1=xxx&
SignatureVersion=2&
TopicArn=arn%3Aaws%3Asns%3Aus-east-1%3A589983072084%3Axxx&
Timestamp=2010-10-31T02%3A10%3A10.833Z&
Signature=Bq09wa2vF1levQGcQZWVaix3UG7Mxlq2JCk4znEYHAM%3D

POST / HTTP/1.1
User-Agent: AWS SDK for .NET/1.1.0.1
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: sns.us-east-1.amazonaws.com
Content-Length: 422

Action=AddPermission&
TopicArn=arn%3Aaws%3Asns%3Aus-east-1%3A589983072084%3Axxx&
Label=PrincipleAllowControl&
AWSAccountIds.member.1=xxx&
ActionNames.member.1=Publish&
AWSAccessKeyId=xxx&
SignatureVersion=2&
SignatureMethod=HmacSHA256&
Timestamp=2010-10-30T21%3A18%3A39.753Z&
Version=2010-03-31&
Signature=m9OvL1v91eurDa5QYP9gwrd2crdtssHsDFonFny3frU%3D

As you can see, the AWS SDK for .NET is making a call using AWSAccountIds and ActionNames as opposed to AWSAccountId and ActionName used by the AWS Java SDK which explains the error message that was returned.

For now there doesn't appear to be much that can be done about it short of not using the command in .NET applications and writing your own code to make the call. With any luck this will be fixed in an update to the SDK.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top