Enable Huawei apps to receive push notifications

Background and design

Broadcast push notifications to iOS and Android devices are sent by publishing a message to an SNS Topic to which the devices are subscribed. Since SNS does not support registration of Huawei devices, we've had to build a small application to forward the events to Huawei devices via Huawei's own topic implementation.
Our implementation consist of a lambda function that is subscribed to the shared SNS topic. When a message is published on the SNS topic, the lambda function is triggered with a copy of the message payload as well as the name of the triggered topic. The lambda function then reads two values from SSM Paramter Store. First, the Huawei appId is read using the topic name as key. Secondly, the Huawei appSecret is read using the Huawei appId as key. With the id and secret, the application fetches an Huawei access-token and finally publishes the message on the Huawei Topic with the same name as the SNS Topic.

Add new app

Since the SNS Topics are located in the e-paper AWS Account (386836030723) and the Huawei push lambda in the SaaS accounts (see table below), a cross-account permission must be added before the lambda can be subscribed to a new SNS Topic.
The service is only deployed to the eu-west-1 region.
SaaS AWS Account and id
Lambda Arn
Prod 821876319861
arn:aws:lambda:eu-west-1:821876319861:function:huawei-push-HuaweiPushBroadcastLambda-9BFr7AeTHdFh
Stage 161383246049
arn:aws:lambda:eu-west-1:161383246049:function:huawei-push-HuaweiPushBroadcastLambda-UFQyPx9a1huL
This article describes the steps required in detail: https://jimmythompson.co.uk/blog/sns-and-lambda/.
The second step is already in place for all SNS Topics in the e-paper AWS account (Allowing the topic to invoke the Lambda function)
When that is in place, the clientId and clientSecret must be added to SSM Parameter store in the corresponding SaaS env account as described below:
Key
Value
Type
/huawei-push/app-id/{topic-name}
{huawei-appId}
String
/huawei-push/app-secret/{huawei-appId}
{huawei-appSecret}
SecureString
Done!