SNS Subscription is not created with serverless

Question

I have a serverless project that should deploy a queue, subscribe this queue to an existing topic and a lambda to process messages off the queue. Here's my yaml:

service: "ssul-${opt:branch}"

provider:
  name: aws
  runtime: nodejs8.10
  region: eu-west-1

functions:
  update:
    reservedConcurrency: 10
    handler: index.update
    events:
    - sqs:
        arn: {Fn::GetAtt: [Queue, Arn]}
        batchSize: 1

resources:
  Resources:
    Queue:
      Type: "AWS::SQS::Queue"
      Properties:
        MessageRetentionPeriod: 10800
        VisibilityTimeout: 900
        QueueName: "updates-${opt:branch}"
    Subscription:
      Type: "AWS::SNS::Subscription"
      Properties:
        TopicArn: "${env:TOPIC_ARN}"
        Protocol: sqs
        Endpoint:
          Fn::GetAtt: [Queue, Arn]

I run sls deploy --branch master returns fine and everything is deployed except the subscription. The topic is in a different account but I was able to create a queue and subscribe it manually through the console. What am I doing wrong?

Answer 1

I had a similar problems (in my case I was using SAM - Serverless Application Model, so my yml is different, but problem should be the same). Sometimes Console creates some object behind the scenes. In my case the problem was the topic policy resource:

  TopicPolicy:
    Type: "AWS::SNS::TopicPolicy"
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Id: MyTopicPolicy
        Statement:
          - 
            Effect: "Allow"
            Principal: 
              Service: "events.amazonaws.com"
            Action: 
              - "sns:Publish"
            Resource: "*"
      Topics:
        - !Ref PipelineNotificationsTopic