Summary
An EventBridge Scheduler schedule whose target is the universal arn:aws:scheduler:::aws-sdk:sns:publish action drops MessageAttributes. The schedule fires and the message is delivered with the correct Subject and Message, but the MessageAttributes supplied in the target Input are not published — subscribers receive an empty attribute map.
This breaks any consumer that relies on SNS message attributes — e.g. SQS subscriptions with a FilterPolicy, which match on MessageAttributes. Such subscribers silently receive nothing.
A direct sns:Publish API call (not via the scheduler) preserves MessageAttributes correctly, so the loss is specific to the scheduler's universal-target invocation.
Verified on floci/floci:1.5.26.
Reproduction
Requirements: docker, aws CLI.
#!/usr/bin/env bash
set -euo pipefail
export AWS_ACCESS_KEY_ID=dummy AWS_SECRET_ACCESS_KEY=dummy AWS_DEFAULT_REGION=us-east-1
EP=http://localhost:4566
ROLE=arn:aws:iam::000000000000:role/x
docker run -d --rm --name floci-attr -p 4566:4566 floci/floci:1.5.26 >/dev/null
for _ in $(seq 1 30); do curl -sf "$EP/" >/dev/null 2>&1 && break; sleep 1; done
TOPIC=$(aws --endpoint-url $EP sns create-topic --name t --query TopicArn --output text)
SUBQ=$(aws --endpoint-url $EP sqs create-queue --queue-name sub --query QueueUrl --output text)
SUBARN=$(aws --endpoint-url $EP sqs get-queue-attributes --queue-url "$SUBQ" \
--attribute-names QueueArn --query 'Attributes.QueueArn' --output text)
# plain SQS subscription (no raw delivery) so the SNS envelope, incl. MessageAttributes, is visible
aws --endpoint-url $EP sns subscribe --topic-arn "$TOPIC" --protocol sqs \
--notification-endpoint "$SUBARN" >/dev/null
# universal target Input carries Subject + MessageAttributes
cat > target.json <<JSON
{
"Arn": "arn:aws:scheduler:::aws-sdk:sns:publish",
"RoleArn": "$ROLE",
"Input": "{\"TopicArn\":\"$TOPIC\",\"Subject\":\"my-subject\",\"Message\":\"{}\",\"MessageAttributes\":{\"EventName\":{\"DataType\":\"String\",\"StringValue\":\"my-subject\"}}}"
}
JSON
WHEN=$(date -u -d '+8 seconds' +%Y-%m-%dT%H:%M:%S 2>/dev/null || date -u -v+8S +%Y-%m-%dT%H:%M:%S)
aws --endpoint-url $EP scheduler create-schedule --name s \
--schedule-expression "at($WHEN)" --schedule-expression-timezone UTC \
--flexible-time-window Mode=OFF --action-after-completion DELETE \
--target file://target.json >/dev/null
sleep 14
echo "Delivered SNS envelope:"
aws --endpoint-url $EP sqs receive-message --queue-url "$SUBQ" --wait-time-seconds 3 \
--query 'Messages[0].Body' --output text
docker stop floci-attr >/dev/null
Expected
The delivered SNS envelope contains the supplied attributes, e.g.:
{ "Subject": "my-subject", "Message": "{}",
"MessageAttributes": { "EventName": { "Type": "String", "Value": "my-subject" } } }
Actual
Subject and Message are preserved, but MessageAttributes is empty:
{ "Subject": "my-subject", "Message": "{}", "MessageAttributes": {} }
As a result, an SQS subscription with a FilterPolicy on EventName would not receive the message.
Notes
- aws-sdk:sns:publish path: the target Input's MessageAttributes aren't forwarded to the underlying Publish call.
- aws sns publish ... --message-attributes ... preserves attributes, confirming the loss is in the scheduler universal-target mapping, not SNS itself.
Environment
- Image: floci/floci:1.5.26
- Client: AWS CLI v2 against http://localhost:4566
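
Added example, not part of the original report or of floci's code: a Python check that a regression test could run over the envelope read from the subscriber queue, comparing it with the scheduler target Input and with a FilterPolicy on EventName. It assumes String attributes and exact-match policies only; the function names, the topic ARN, the policy and the sample envelopes are constructed from the values in the reproduction above.

```python
import json

# Constructed samples, built from the values used in the reproduction script.
TARGET_INPUT = json.dumps({
    "TopicArn": "arn:aws:sns:us-east-1:000000000000:t",  # constructed ARN
    "Subject": "my-subject",
    "Message": "{}",
    "MessageAttributes": {
        "EventName": {"DataType": "String", "StringValue": "my-subject"}},
})
EXPECTED_BODY = ('{"Subject": "my-subject", "Message": "{}", "MessageAttributes": '
                 '{"EventName": {"Type": "String", "Value": "my-subject"}}}')
ACTUAL_BODY = '{"Subject": "my-subject", "Message": "{}", "MessageAttributes": {}}'
POLICY = {"EventName": ["my-subject"]}  # hypothetical subscription FilterPolicy


def dropped_attributes(target_input, envelope_body):
    """Attributes in the target Input that are absent or altered in the envelope.

    Publish input uses DataType/StringValue; the delivered envelope uses Type/Value.
    """
    sent = json.loads(target_input).get("MessageAttributes") or {}
    got = json.loads(envelope_body).get("MessageAttributes") or {}
    diff = {}
    for name, attr in sent.items():
        want = (attr.get("DataType"), attr.get("StringValue"))
        seen = got.get(name)
        have = (seen.get("Type"), seen.get("Value")) if seen else None
        if have != want:
            diff[name] = {"sent": want, "delivered": have}
    return diff


def matches_filter_policy(policy, envelope_body):
    """Exact-match subset of SNS filtering: every policy key must be present
    in MessageAttributes with a value from that key's allowed list."""
    attrs = json.loads(envelope_body).get("MessageAttributes") or {}
    return all(
        key in attrs and attrs[key].get("Value") in allowed
        for key, allowed in policy.items()
    )


if __name__ == "__main__":
    for label, body in (("expected", EXPECTED_BODY), ("actual", ACTUAL_BODY)):
        print(label, "dropped:", dropped_attributes(TARGET_INPUT, body),
              "filter match:", matches_filter_policy(POLICY, body))
```

Asserting that dropped_attributes returns an empty dict on the body from the final receive-message call turns the reproduction into a pass/fail check.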