How do I recreate a "Deleted" Amazon SNS cross-account subscription?

Last updated: 2019-11-18

My Amazon Simple Queue Service (Amazon SQS) queue in one AWS account was subscribed to an Amazon Simple Notification Service (Amazon SNS) topic in another account. I deleted the cross-account subscription, and its status is now "Deleted". How do I recreate that subscription?

Short Description

When you call the Amazon SNS Subscribe API, the AWS account that you use becomes the owner of the subscription. If you delete the subscription by calling the Amazon SNS Unsubscribe API from another account that doesn't own the subscription, the subscription goes into a "Deleted" state for 72 hours.

During that time, the subscription owner account can't resubscribe the same endpoint to the respective SNS topic. After 72 hours, Amazon SNS clears the "Deleted" subscription and you can resubscribe as before.

Note: As a best practice, we recommend that you run Subscribe and Unsubscribe API calls from the same AWS account.

Resolution

If you don't want to wait 72 hours, recreate the subscription by doing any of the following:

  • In the UnsubscribeConfirmation message sent to the SQS queue after you deleted the subscription, find the SubscribeURL. Send an HTTP GET request to the SubscribeURL. For example:
curl -X GET "https://sns.us-west-2.amazonaws.com/?Action=ConfirmSubscription&TopicArn=arn:aws:sns:us-west-2:123456789012:MyTopic&Token=2336412f37fb687f5d51e6e241d09c805a5a57b30d712f794cc5f6a988666d92768dd60a747ba6f3beb71854e285d6ad02428b09ceece29417f1f02d609c582afbacc99c583a916b9981dd2728f4ae6fdb82efd087cc3b7849e05798d2d2785c03b0879594eeac82c01f235d0e717736"
  • Call the Subscribe API from the AWS account that owns the SNS topic. Then have a user with permissions to read messages from the queue confirm the subscription.
  • Create a new SNS topic to replace the current topic, then subscribe the SQS queue to the new topic.