I have an EB instance that lives inside of a VPC. I do not want this instance to be externally accessible and it also needs to access an RDS instance inside the same VPC.
I want to create a subscription from SNS to this EB instance.
Here is the Terraform I have come up with:
    resource "aws_sns_topic_subscription" "my_sub" {
      topic_arn              = aws_sns_topic.my_topic.arn
      protocol               = "http"
      endpoint               = "http://${aws_elastic_beanstalk_environment.my_eb_app.endpoint_url}/api/sns"
      endpoint_auto_confirms = true
    }
However, this fails because it is an internal endpoint:
Error: Error creating SNS topic: AuthorizationError: Not authorized to subscribe internal endpoints
status code: 403, request id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
How should I work around this?
There's apparently no way around making the endpoint public. People recommend instead subscribing an SQS queue and polling that.
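The SQS approach mentioned in the answer above, sketched in Terraform as an added example (not code from the original question or answer). It reuses `aws_sns_topic.my_topic` from the question; the queue name, the `eb_instance_role_name` variable and the other resource names are assumptions made for illustration.

```hcl
variable "eb_instance_role_name" {
  description = "Hypothetical: name of the IAM role attached to the EB instance profile"
  type        = string
}

resource "aws_sqs_queue" "my_queue" {
  name                      = "my-topic-events" # constructed name
  receive_wait_time_seconds = 20                # long polling, fewer empty receives
}

# Queue policy: only SNS, and only this topic, may enqueue messages.
data "aws_iam_policy_document" "sns_to_sqs" {
  statement {
    effect    = "Allow"
    actions   = ["sqs:SendMessage"]
    resources = [aws_sqs_queue.my_queue.arn]
    principals {
      type        = "Service"
      identifiers = ["sns.amazonaws.com"]
    }
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_sns_topic.my_topic.arn]
    }
  }
}

resource "aws_sqs_queue_policy" "my_queue" {
  queue_url = aws_sqs_queue.my_queue.id
  policy    = data.aws_iam_policy_document.sns_to_sqs.json
}

# Replaces the "http" subscription: SNS writes to the queue, nothing calls into the VPC.
resource "aws_sns_topic_subscription" "my_sub" {
  topic_arn  = aws_sns_topic.my_topic.arn
  protocol   = "sqs"
  endpoint   = aws_sqs_queue.my_queue.arn
  depends_on = [aws_sqs_queue_policy.my_queue]
}

# Least-privilege consumer rights for the application polling from inside the VPC.
data "aws_iam_policy_document" "consume" {
  statement {
    actions   = ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"]
    resources = [aws_sqs_queue.my_queue.arn]
  }
}

resource "aws_iam_role_policy" "eb_consume" {
  name   = "consume-my-queue"
  role   = var.eb_instance_role_name
  policy = data.aws_iam_policy_document.consume.json
}
```

The instance stays unreachable from outside, but it still needs an outbound path to the SQS API, either through a NAT gateway or an SQS interface VPC endpoint.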