No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Turns out I needed to create a `aws.lambda.Permission` first. Is there a nice API to do both of these things?

I'm surprised `TopicSubscription` doesn't create the requisite permissions. <@UB9JVTW07> what do you think?

TopicSubscription is a raw aws resource.  So it would be a bit interesting to make it automatically make a permission

note: we do have Pulumi's `TopicEventSubscription` which also make's this permission for you automatically:

```
       this.permission = new lambda.Permission(name, {
            action: "lambda:invokeFunction",
            function: this.func,
            principal: "<http://sns.amazonaws.com|sns.amazonaws.com>",
            sourceArn: topic.id,
}, parentOpts);
```

we also have added the extension method "Topic.onEvent(...)" which will do this for you

Where is `TopicEventSubscription` located?

Ah <https://pulumi.io/reference/pkg/nodejs/@pulumi/aws-serverless/#TopicEventSubscription>. Seems weird to have to bring in another package to do this.

<https://github.com/pulumi/pulumi-aws/blob/1358bcbcbdf839e74c481dd835e14ce2e8e2ebef/sdk/nodejs/sns/snsMixins.ts#L58>

<https://github.com/pulumi/pulumi-aws/blob/1358bcbcbdf839e74c481dd835e14ce2e8e2ebef/sdk/nodejs/sns/snsMixins.ts#L105-L107>

Oh cool that sounds like what I was after. Will take a look tomorrow. 

FYI: `@pulumi/aws-serverless` has been deprecated

Cyrus, instead of programming against TopicEventSubscription directly, is it better to use events like `onEvent`?

E.g., for Kenny's example

```
alertsSnsTopic.onEvent(..)
```

rather than

```
new aws.sns.TopicSubscription(..., {
    topic: alertsSnsTopic,
    ...
);
```

they're functionally identical.  So it depends in you prefer of thinking as events you connect by attaching to an instance. or if you think of an event as a first-class object in your system.

Ah ok, I thought you were saying one would create the IAM resources and the other wouldn't. Good to know they are the same.

Some people prefer the former (it's very .net'y for example).  Whereas it's very idiomatically AWS to think of them as nouns