Why can't I delete my Amazon SNS topic subscription?

6 minute read
1

I want to delete my Amazon Simple Notification Service (Amazon SNS) topic subscription. However, I either get an error message or I see that the option to delete the subscription is deactivated in the console.

Short description

There are three situations when Amazon SNS doesn't let you delete your Amazon SNS topic subscription:

  • Your topic subscription is in the Pending Confirmation status.
  • Your topic subscription is in the Deleted status.
  • The AWS Identity and Access Management (IAM) entity that's trying to delete your topic subscription doesn't have the required permissions to unsubscribe.

Note: After three days, Amazon SNS automatically removes subscriptions that are in the Deleted and Pending Confirmation status from your account.

If your topic subscription is in the Pending Confirmation status, then the Delete button is deactivated in the Amazon SNS console.

If your topic subscription is in the Deleted status and you try to delete the subscription, then Amazon SNS returns the following error message:

"Error code: InvalidParameter - Error message: Invalid parameter: SubscriptionArn Reason: An ARN must have at least 6 elements, not 1"

If the IAM entity that's trying to delete your subscription doesn't have the required permissions to unsubscribe, then Amazon SNS returns a Permissions Denied error.

Resolution

Check if your Amazon SNS topic subscription is in the Deleted or Pending Confirmation status

Important: If subscriptions are in the Deleted or Pending Confirmation status when you delete their topic, then you can't manually remove the subscriptions from your account. You must wait three days for Amazon SNS to automatically remove the subscriptions from your account.
Note: If the subscription isn't automatically removed in three days, contact AWS Support.

Open the Amazon SNS console.

In the left navigation pane, choose Subscriptions.

On the Subscriptions page, find the subscription that you want to delete. Then, in the Status column, check if the subscription is in either the Deleted or Pending Confirmation status.

Complete the steps in one of the following sections, depending on whether your subscription is in the Deleted or Pending Confirmation status. If your subscription isn't in Deleted or Pending Confirmation status, then complete the steps in the To troubleshoot Permissions Denied errors section.

Your Amazon SNS topic subscription is in the Deleted status

There are two reasons that a topic subscription is in the Deleted status without being removed from your account:

A member of the topic mailing list selects the unsubscribe link in an email sent from the topic

Take the following action:

  1. In your email inbox, open the email that has the following subject line: AWS Notification - Unsubscribe Confirmation.
  2. At the bottom of the email, select the Resubscribe link. After you select the Resubscribe link, the email subscription is reconfirmed and you can delete it from the Amazon SNS console.

-Or-

Follow these steps to recreate the deleted subscription:

  1. Recreate the deleted email subscription, and then confirm it.
  2. After you create and confirm the subscription, delete it from the Amazon SNS console.
    Note: Email spam filters can also unsubscribe the mailing list's email address.

An Amazon SQS queue in another account that's subscribed to the topic deletes the cross-account subscription

Complete the following steps:

  1. Follow the instructions in How do I recreate a "Deleted" Amazon SNS topic subscription for an Amazon SQS queue in another AWS account?
  2. Use the AWS account that owns the subscription to delete the subscription.

Your Amazon SNS topic subscription is in the Pending Confirmation status

There are four reasons that a topic subscription is in the Pending Confirmation status without being removed from your account:

  • The subscription is added but isn't yet confirmed.
  • The email address that's added to the subscription isn't valid.
  • The delivery rate for email messages exceeds the default quota of 10 messages per second.
  • The HTTP or HTTPS endpoint isn't automatically processing the Subscription Confirmation request that Amazon SNS made.
  • The HTTP or HTTPS endpoint isn't valid.

When any of the following endpoint types are subscribed to an SNS topic, the subscription remains in the Pending Confirmation status until it's confirmed:

  • Email
  • HTTP
  • HTTPS
  • Cross-account Amazon SQS

To confirm a subscription that's associated with the preceding types of endpoints, select the Confirm Subscription link that was sent to the endpoint. After the subscription is confirmed, you can delete it from the Amazon SNS console.

For all other scenarios, you must resubscribe the endpoint to the SNS topic, and then complete the following steps to delete it:

  1. Open the Amazon SNS console.
  2. In the left navigation pane, choose Subscriptions.
  3. On the Subscriptions page, find the subscription that you want to delete. Then, choose Request confirmation. A confirmation request is sent to the designated endpoint.
  4. Based on the type of endpoint that you're using, take one of the following actions to confirm the subscription:
  5. For email endpoints

In your email inbox, open the email that has the following subject line: AWS Notification - Subscription Confirmation. Then, choose Confirm Subscription.
Note: If you don't see the subscription confirmation email, then check your email's spam and junk folders.

For cross-account Amazon SQS endpoints

Find the subscription confirmation message in the Amazon SQS queue. Then, send an HTTP GET request to the SubscribeURL that's in the message body. For more information, see Sending Amazon SNS messages to an Amazon SQS queue in a different account.

For HTTP and HTTPS endpoints

Make sure that your endpoint can handle the HTTP POST requests that Amazon SNS uses to send subscription confirmation and notification messages. For more information, see Make sure your endpoint is ready to process Amazon SNS messages.

When the subscription is in the Confirmed status, delete the subscription.

Note: For email, HTTP, and HTTPS endpoints, three days must elapse before the subscription is removed from your account after you delete it.

To troubleshoot Permissions Denied errors

Check unsubscribe permission

Complete the following steps to confirm that the IAM entity that's trying to delete your topic subscription has the required permissions to unsubscribe:

  1. Open the IAM Policy Simulator console.
  2. In the left Users, Groups, and Roles pane, choose the IAM entity that you're using to delete the topic subscription.
  3. In the Policy Simulator pane, for the Select service dropdown list, select SNS.
  4. For the Select actions dropdown list, select Unsubscribe.
  5. Choose Run Simulation.
  6. Under Action Settings and Results, in the Permission column, check if the unsubscribe permission is Allowed or Denied.

If your IAM entity doesn't allow the sns:Unsubscribe action, contact your system administrator and ask them to add the required permissions. For more information, see Adding and removing IAM identity permissions.

AWS OFFICIAL
AWS OFFICIALUpdated 4 months ago