r/aws_sns_topic_subscription: handle eventually consistent subscription deletion

[jar-b]

Description

Previously the Read operation relied solely on the GetSubscriptionAttributes API, which is eventually consistent and may not correctly identify scenarios when the topic or subscription is deleted out of band. This change adds a call to the ListSubscriptionsByTopic API prior to the existing read logic to ensure both the topic and subscription are currently active. When a NotFound error is returned or the subscription is not in the list of returned subscriptions, the resource is removed from state and a re-creation will be triggered on the next apply.

Relations

Closes #41984
Relates #9645 (comment)
Relates #14101 - the ListSubscriptionsByTopic call was added to originally address this in v3.34.0
Relates #18475 - the ListSubscriptionsByTopic call was removed in v3.35.0

Output from Acceptance Testing

% make testacc PKG=sns TESTS=TestAccSNSTopicSubscription_
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.7 test ./internal/service/sns/... -v -count 1 -parallel 20 -run='TestAccSNSTopicSubscription_'  -timeout 360m -vet=off
2025/04/02 10:45:34 Initializing Terraform AWS Provider...

--- PASS: TestAccSNSTopicSubscription_filterPolicyScope_policyNotSet (3.77s)
--- PASS: TestAccSNSTopicSubscription_email (17.52s)
--- PASS: TestAccSNSTopicSubscription_autoConfirmingEndpoint (42.54s)
--- PASS: TestAccSNSTopicSubscription_disappears_TopicExternal (50.90s)
--- PASS: TestAccSNSTopicSubscription_disappears (51.40s)
--- PASS: TestAccSNSTopicSubscription_disappears_Topic (51.53s)
--- PASS: TestAccSNSTopicSubscription_basic (51.89s)
--- PASS: TestAccSNSTopicSubscription_deliveryPolicy (72.32s)
--- PASS: TestAccSNSTopicSubscription_rawMessageDelivery (72.41s)
--- PASS: TestAccSNSTopicSubscription_filterPolicy (73.24s)
--- PASS: TestAccSNSTopicSubscription_firehose (75.93s)
--- PASS: TestAccSNSTopicSubscription_autoConfirmingSecuredEndpoint (85.98s)
--- PASS: TestAccSNSTopicSubscription_redrivePolicy (106.94s)
--- PASS: TestAccSNSTopicSubscription_filterPolicyScope (154.09s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/sns        160.822s

[github-actions]

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

[ewbankkit]

LGTM 🚀.

[github-actions]

Warning

This Issue has been closed, meaning that any additional comments are much easier for the maintainers to miss. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

[github-actions]

This functionality has been released in v5.94.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[svenfinke]

This requires the extension of existing access policies of remote Topics. This can cause massive issues if you are not in control of the target topic and can't adjust the permissions.

Instead of ListSubscriptionsByTopic, use ListSubscriptions instead and search for the topic. This won't require additional permissions in a different AWS account.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.