堆栈内存溢出
  简体   繁体   English

S3事件的Cloudformation SQS策略

[英]Cloudformation SQS Policy for S3 events

 原文  2016-08-24 11:32:33       amazon-web-services/ amazon-s3/ amazon-sqs/ amazon-cloudformation

问题描述

I'm trying to create a policy for an SQS queue which would allow any S3 bucket to send events to the queue. 我正在尝试为SQS队列创建一个策略,该策略允许任何S3存储桶将事件发送到队列。 I don't seem to be able to do this for a specific S3 queue because I end up with circular dependencies. 我似乎无法为特定的S3队列执行此操作,因为我最终得到循环依赖。

I've created a cloudformation template which will create the queue and policy, but when I try and manually setup the S3 bucket to send the events I get a message saying 我已经创建了一个用于创建队列和策略的cloudformation模板,但是当我尝试手动设置S3存储桶以发送事件时,我收到一条消息说

Permissions on the destination queue do not allow S3 to publish notifications from this bucket 目标队列上的权限不允许S3从此存储桶发布通知

The template section that I'm using to create the policy is: 我用来创建策略的模板部分是: 

    "SQSNotifcationFromS3" : {
        "Type" :        "AWS::SQS::QueuePolicy",
        "DependsOn" : "S3Notifications",
        "Properties" : {
            "PolicyDocument" : {
                "Version": "2012-10-17",
                "Id": "SQSIDsimon",
                "Statement": [
                    {
                        "Sid": "example-statement-ID",
                        "Effect": "Allow",
                        "Principal": {
                            "Service": "s3.amazonaws.com"
                            },
                        "Action": "SQS:*",
                        "Resource": { "Ref" : "S3Notifications"}
                    }
                ]                  
            },
            "Queues" :      [ { "Ref" : "S3Queue" } ]
        }
    }

2 个解决方案

解决方案1
 6 已采纳  2016-09-21 13:52:03

In the end, I found a solution for this - I set the permissions on the SQS so that any S3 bucket could add events to the queue: 最后,我找到了一个解决方案 - 我在SQS上设置了权限,以便任何S3存储桶都可以向队列添加事件: 

    "S3EventQueuePolicy" : {
        "Type" : "AWS::SQS::QueuePolicy",
        "DependsOn" : [ "S3EventQueue" ],
        "Properties" : {
            "PolicyDocument" : {
                "Id": "SQSPolicy",
                "Statement": [
                    {
                        "Sid": "SQSEventPolicy",
                        "Effect": "Allow",
                        "Principal": "*",
                        "Action": "SQS:*",
                        "Resource": "*",
                        "Condition": {
                            "ArnLike": {
                                "aws:SourceArn": "arn:aws:s3:::*"
                            }
                        }
                    }
                ]
            },
            "Queues" : [ { "Ref" : "S3EventQueue"} ]
        }            
    },

解决方案2
 0  2016-08-31 17:00:54

In the AWS console, did you confirm that the queue has successfully granted permissions to the s3 bucket? 在AWS控制台中,您是否确认队列已成功授予对s3存储桶的权限? In SQS, select the queue and look at the permissions tab. 在SQS中,选择队列并查看权限选项卡。

Looking at your template snippet above, I'm not sure what "S3Notifications" points to but I'll assume it's the S3 bucket. 看看上面的模板片段,我不确定“S3Notifications”指向的是什么,但我认为它是S3存储桶。 The SQS policy document "Resource" should be the ARN of the S3 bucket. SQS策略文档“Resource”应该是S3存储桶的ARN。 The "Ref" function on an S3 bucket has a Reference Value of "Name". S3存储桶上的“Ref”功能的参考值为“Name”。 You need ARN I believe. 我相信你需要ARN。

See: http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/SQSExamples.html 请参阅: http//docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/SQSExamples.html

and: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html 和: http//docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法使用配置的 SQS 策略验证 Cloudformation 中的以下目标配置以获取 S3 到 SQS 通知 - Unable to validate the following destination configurations in Cloudformation for S3 to SQS notifications with a configured SQS policy 需要有关 CloudFormation 模板和 AWS lambda 的帮助,以便通过 lambda 将事件从 SQS 拉到 S3 - Need help on CloudFormation template and AWS lambda for pulling events from SQS to S3 via lambda 如何为 S3 事件编写加密 SQS 的策略声明? - How do I write the policy statement of an encrypted SQS for S3 events? AWS SQS 中缺少 s3 事件 - Missing s3 events in AWS SQS CloudFormation - 无法创建 SQS 策略 - CloudFormation - not able to create SQS Policy aws cloudformation s3 事件通知 SQS 不起作用 - aws cloudformation s3 event notification to SQS not working 将S3事件订阅到SQS队列而不向世界公开SQS? - Subscribe S3 events to SQS queue without exposing SQS to the world? 将 s3 Bucket 乘以 tigger 的 aws sqs 的策略是什么 - What will the policy of aws sqs which is tigger by multiply s3 Bucket CloudFormation CloudTrail S3 策略错误 - 检测到存储桶的 S3 存储桶策略不正确 - CloudFormation CloudTrail S3 Policy Error - Incorrect S3 bucket policy is detected for bucket 使用cloudformation更新S3存储桶的IAM策略 - Update IAM policy for S3 bucket using cloudformation
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM