hashicorp · gdavison · Mar 25, 2021 · Feb 27, 2021 · Feb 27, 2021 · ewbankkit
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_sns_topic_subscription: Add plan time validation for `subscription_role_arn` and `topic_arn`
+```
+
+```release-note:bug
+resource/aws_sns_topic_subscription: recreate subscription if topic is deleted
+```
@@ -0,0 +1,26 @@
+package finder
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/sns"
+	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
+)
+
+func SubscriptionByARN(conn *sns.SNS, id string) (*sns.GetSubscriptionAttributesOutput, error) {
+	output, err := conn.GetSubscriptionAttributes(&sns.GetSubscriptionAttributesInput{
+		SubscriptionArn: aws.String(id),
+	})
+	if tfawserr.ErrCodeEquals(err, sns.ErrCodeNotFoundException) {
+		return nil, nil
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	if output == nil || output.Attributes == nil || len(output.Attributes) == 0 {
+		return nil, nil
+	}
+
+	return output, nil
+}
@@ -3,20 +3,13 @@ package waiter
 import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/sns"
-	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/sns/finder"
 )
 
 func SubscriptionPendingConfirmation(conn *sns.SNS, id string) resource.StateRefreshFunc {
 	return func() (interface{}, string, error) {
-		output, err := conn.GetSubscriptionAttributes(&sns.GetSubscriptionAttributesInput{
-			SubscriptionArn: aws.String(id),
-		})
-
-		if tfawserr.ErrCodeEquals(err, sns.ErrCodeResourceNotFoundException) {
-			return nil, "", nil
-		}
-
+		output, err := finder.SubscriptionByARN(conn, id)
 		if err != nil {
 			return nil, "", err
 		}

@@ -9,6 +9,7 @@ import (
 
 const (
 	SubscriptionPendingConfirmationTimeout = 2 * time.Minute
+	SubscriptionDeleteTimeout              = 2 * time.Minute
 )
 
 func SubscriptionConfirmed(conn *sns.SNS, id, expectedValue string, timeout time.Duration) (*sns.GetSubscriptionAttributesOutput, error) {
@@ -26,3 +27,20 @@ func SubscriptionConfirmed(conn *sns.SNS, id, expectedValue string, timeout time
 
 	return nil, err
 }
+
+func SubscriptionDeleted(conn *sns.SNS, id string) (*sns.GetSubscriptionAttributesOutput, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{"false", "true"},
+		Target:  []string{},
+		Refresh: SubscriptionPendingConfirmation(conn, id),
+		Timeout: SubscriptionDeleteTimeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if output, ok := outputRaw.(*sns.GetSubscriptionAttributesOutput); ok {
+		return output, err
+	}
+
+	return nil, err
+}
@@ -15,6 +15,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/sns/finder"
 	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/sns/waiter"
 )
 
@@ -104,13 +105,15 @@ func resourceAwsSnsTopicSubscription() *schema.Resource {
 				DiffSuppressFunc: suppressEquivalentJsonDiffs,
 			},
 			"subscription_role_arn": {
-				Type:     schema.TypeString,
-				Optional: true,
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: validateArn,
 			},
 			"topic_arn": {
-				Type:     schema.TypeString,
-				Required: true,
-				ForceNew: true,
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validateArn,
 			},
 		},
 	}
@@ -168,22 +171,27 @@ func resourceAwsSnsTopicSubscriptionRead(d *schema.ResourceData, meta interface{
 
 	log.Printf("[DEBUG] Loading subscription %s", d.Id())
 
-	output, err := conn.GetSubscriptionAttributes(&sns.GetSubscriptionAttributesInput{
-		SubscriptionArn: aws.String(d.Id()),
-	})
+	input := &sns.ListSubscriptionsByTopicInput{
+		TopicArn: aws.String(d.Get("topic_arn").(string)),
+	}
 
-	if !d.IsNewResource() && (tfawserr.ErrCodeEquals(err, sns.ErrCodeResourceNotFoundException) || tfawserr.ErrCodeEquals(err, sns.ErrCodeNotFoundException)) {
-		log.Printf("[WARN] SNS subscription attributes (%s) not found, removing from state", d.Id())
+	_, err := conn.ListSubscriptionsByTopic(input)
+
+	if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, sns.ErrCodeNotFoundException) {
+		log.Printf("[WARN] SNS Topic Subscription (%s) not found, removing from state", d.Id())
 		d.SetId("")
 		return nil
 	}
 
+	output, err := finder.SubscriptionByARN(conn, d.Id())
 	if err != nil {
 		return fmt.Errorf("getting SNS subscription attributes (%s): %w", d.Id(), err)
 	}
 
-	if output == nil || output.Attributes == nil || len(output.Attributes) == 0 {
-		return fmt.Errorf("getting SNS subscription attributes (%s): empty response", d.Id())
+	if output == nil {
+		log.Printf("[WARN] SNS subscription attributes (%s) not found, removing from state", d.Id())
+		d.SetId("")
+		return nil
 	}
 
 	attributes := output.Attributes
@@ -282,6 +290,13 @@ func resourceAwsSnsTopicSubscriptionDelete(d *schema.ResourceData, meta interfac
 		return nil
 	}
 
+	if _, err := waiter.SubscriptionDeleted(conn, d.Id()); err != nil {
+		if tfawserr.ErrCodeEquals(err, sns.ErrCodeNotFoundException) {
+			return nil
+		}
+		return fmt.Errorf("error waiting for SNS topic subscription (%s) deletion: %w", d.Id(), err)
+	}
+
 	return err
 }