feat(sns): Add FilterPolicyScope support (#23108)

----
closes #23079 

### Description
This PR adds support for FilterPolicyScope for SNS subscriptions. This is in response to AWS introducing payload-based message filtering: https://aws.amazon.com/blogs/compute/introducing-payload-based-message-filtering-for-amazon-sns/.

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: brennanho

packages/@aws-cdk/aws-sns-subscriptions/lib/email.ts

@@ -32,6 +32,7 @@ export class EmailSubscription implements sns.ITopicSubscription {
       endpoint: this.emailAddress,
       protocol: this.props.json ? sns.SubscriptionProtocol.EMAIL_JSON : sns.SubscriptionProtocol.EMAIL,
       filterPolicy: this.props.filterPolicy,
+      filterPolicyWithMessageBody: this.props.filterPolicyWithMessageBody,
       deadLetterQueue: this.props.deadLetterQueue,
     };
   }

packages/@aws-cdk/aws-sns-subscriptions/lib/lambda.ts

@@ -45,6 +45,7 @@ export class LambdaSubscription implements sns.ITopicSubscription {
       endpoint: this.fn.functionArn,
       protocol: sns.SubscriptionProtocol.LAMBDA,
       filterPolicy: this.props.filterPolicy,
+      filterPolicyWithMessageBody: this.props.filterPolicyWithMessageBody,
       region: this.regionFromArn(topic),
       deadLetterQueue: this.props.deadLetterQueue,
     };

packages/@aws-cdk/aws-sns-subscriptions/lib/sms.ts

@@ -20,6 +20,7 @@ export class SmsSubscription implements sns.ITopicSubscription {
       endpoint: this.phoneNumber,
       protocol: sns.SubscriptionProtocol.SMS,
       filterPolicy: this.props.filterPolicy,
+      filterPolicyWithMessageBody: this.props.filterPolicyWithMessageBody,
     };
   }
 }

packages/@aws-cdk/aws-sns-subscriptions/lib/sqs.ts

@@ -75,6 +75,7 @@ export class SqsSubscription implements sns.ITopicSubscription {
       protocol: sns.SubscriptionProtocol.SQS,
       rawMessageDelivery: this.props.rawMessageDelivery,
       filterPolicy: this.props.filterPolicy,
+      filterPolicyWithMessageBody: this.props.filterPolicyWithMessageBody,
       region: this.regionFromArn(topic),
       deadLetterQueue: this.props.deadLetterQueue,
       subscriptionDependency: queuePolicyDependable,

packages/@aws-cdk/aws-sns-subscriptions/lib/subscription.ts

@@ -11,7 +11,13 @@ export interface SubscriptionProps {
    * @default - all messages are delivered
    */
   readonly filterPolicy?: { [attribute: string]: sns.SubscriptionFilter };
-
+  /**
+   * The filter policy that is applied on the message body.
+   * To apply a filter policy to the message attributes, use `filterPolicy`. A maximum of one of `filterPolicyWithMessageBody` and `filterPolicy` may be used.
+   *
+   * @default - all messages are delivered
+   */
+  readonly filterPolicyWithMessageBody?: { [attribute: string]: sns.FilterOrPolicy };
   /**
    * Queue to be used as dead letter queue.
    * If not passed no dead letter queue is enabled.

packages/@aws-cdk/aws-sns-subscriptions/lib/url.ts

@@ -61,6 +61,7 @@ export class UrlSubscription implements sns.ITopicSubscription {
       protocol: this.protocol,
       rawMessageDelivery: this.props.rawMessageDelivery,
       filterPolicy: this.props.filterPolicy,
+      filterPolicyWithMessageBody: this.props.filterPolicyWithMessageBody,
       deadLetterQueue: this.props.deadLetterQueue,
     };
   }

packages/@aws-cdk/aws-sns-subscriptions/package.json

@@ -75,6 +75,7 @@
     "@aws-cdk/assertions": "0.0.0",
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "@aws-cdk/integ-runner": "0.0.0",
+    "@aws-cdk/integ-tests": "0.0.0",
     "@aws-cdk/cfn2ts": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",
     "@types/jest": "^27.5.2",

packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/aws-cdk-sns-lambda.assets.json

@@ -1,15 +1,15 @@
 {
-  "version": "20.0.0",
+  "version": "22.0.0",
   "files": {
-    "451c86b70ff9eaa09b0558745f5aa97d2af847bd82e8960d44d5c91c88fa855a": {
+    "b4d5d97a3217325cd1f06b3e725bdfbb9c4fd3c5c4a6adba15b286efa9146e23": {
       "source": {
         "path": "aws-cdk-sns-lambda.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "451c86b70ff9eaa09b0558745f5aa97d2af847bd82e8960d44d5c91c88fa855a.json",
+          "objectKey": "b4d5d97a3217325cd1f06b3e725bdfbb9c4fd3c5c4a6adba15b286efa9146e23.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }

packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/aws-cdk-sns-lambda.template.json

@@ -241,6 +241,101 @@
      ]
     }
    }
+  },
+  "FilteredMessageBodyServiceRoleB2EB82B3": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "lambda.amazonaws.com"
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "ManagedPolicyArns": [
+     {
+      "Fn::Join": [
+       "",
+       [
+        "arn:",
+        {
+         "Ref": "AWS::Partition"
+        },
+        ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+       ]
+      ]
+     }
+    ]
+   }
+  },
+  "FilteredMessageBody222AE8F1": {
+   "Type": "AWS::Lambda::Function",
+   "Properties": {
+    "Code": {
+     "ZipFile": "exports.handler = function handler(event, _context, callback) {\n    /* eslint-disable no-console */\n    console.log('====================================================');\n    console.log(JSON.stringify(event, undefined, 2));\n    console.log('====================================================');\n    return callback(undefined, event);\n}"
+    },
+    "Role": {
+     "Fn::GetAtt": [
+      "FilteredMessageBodyServiceRoleB2EB82B3",
+      "Arn"
+     ]
+    },
+    "Handler": "index.handler",
+    "Runtime": "nodejs14.x"
+   },
+   "DependsOn": [
+    "FilteredMessageBodyServiceRoleB2EB82B3"
+   ]
+  },
+  "FilteredMessageBodyAllowInvokeawscdksnslambdaMyTopic6C62AB90FB54CEA4": {
+   "Type": "AWS::Lambda::Permission",
+   "Properties": {
+    "Action": "lambda:InvokeFunction",
+    "FunctionName": {
+     "Fn::GetAtt": [
+      "FilteredMessageBody222AE8F1",
+      "Arn"
+     ]
+    },
+    "Principal": "sns.amazonaws.com",
+    "SourceArn": {
+     "Ref": "MyTopic86869434"
+    }
+   }
+  },
+  "FilteredMessageBodyMyTopicAD1F55C4": {
+   "Type": "AWS::SNS::Subscription",
+   "Properties": {
+    "Protocol": "lambda",
+    "TopicArn": {
+     "Ref": "MyTopic86869434"
+    },
+    "Endpoint": {
+     "Fn::GetAtt": [
+      "FilteredMessageBody222AE8F1",
+      "Arn"
+     ]
+    },
+    "FilterPolicy": {
+     "background": {
+      "color": [
+       "red",
+       {
+        "prefix": "bl"
+       },
+       {
+        "prefix": "ye"
+       }
+      ]
+     }
+    },
+    "FilterPolicyScope": "MessageBody"
+   }
   }
  },
  "Parameters": {

packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/cdk.out

@@ -1 +1 @@
-{"version":"20.0.0"}
+{"version":"22.0.0"}

packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/integ.json

@@ -1,5 +1,5 @@
 {
-  "version": "20.0.0",
+  "version": "22.0.0",
   "testCases": {
     "integ.sns-lambda": {
       "stacks": [

packages/@aws-cdk/aws-sns-subscriptions/test/integ.sns-lambda.js.snapshot/manifest.json

@@ -1,12 +1,6 @@
 {
-  "version": "20.0.0",
+  "version": "22.0.0",
   "artifacts": {
-    "Tree": {
-      "type": "cdk:tree",
-      "properties": {
-        "file": "tree.json"
-      }
-    },
     "aws-cdk-sns-lambda.assets": {
       "type": "cdk:asset-manifest",
       "properties": {
@@ -23,7 +17,7 @@
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/451c86b70ff9eaa09b0558745f5aa97d2af847bd82e8960d44d5c91c88fa855a.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b4d5d97a3217325cd1f06b3e725bdfbb9c4fd3c5c4a6adba15b286efa9146e23.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [
@@ -105,6 +99,30 @@
             "data": "FilteredMyTopicC8395C27"
           }
         ],
+        "/aws-cdk-sns-lambda/FilteredMessageBody/ServiceRole/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "FilteredMessageBodyServiceRoleB2EB82B3"
+          }
+        ],
+        "/aws-cdk-sns-lambda/FilteredMessageBody/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "FilteredMessageBody222AE8F1"
+          }
+        ],
+        "/aws-cdk-sns-lambda/FilteredMessageBody/AllowInvoke:awscdksnslambdaMyTopic6C62AB90": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "FilteredMessageBodyAllowInvokeawscdksnslambdaMyTopic6C62AB90FB54CEA4"
+          }
+        ],
+        "/aws-cdk-sns-lambda/FilteredMessageBody/MyTopic/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "FilteredMessageBodyMyTopicAD1F55C4"
+          }
+        ],
         "/aws-cdk-sns-lambda/BootstrapVersion": [
           {
             "type": "aws:cdk:logicalId",
@@ -119,6 +137,12 @@
         ]
       },
       "displayName": "aws-cdk-sns-lambda"
+    },
+    "Tree": {
+      "type": "cdk:tree",
+      "properties": {
+        "file": "tree.json"
+      }
     }
   }
 }