不同区域上AmazonIpSpaceChanged的SNS订阅错误
[英]SNS subscription error for AmazonIpSpaceChanged on different region
问题描述
Why is it that I can't susbscribe SNS on AmazonIpSpaceChanged? 
为什么我不能在AmazonIpSpaceChanged上保留SNS? Please check, I need your guidance. 请检查,我需要您的指导。
The guide I basically followed with is How to Automatically Update Your Security Groups for Amazon CloudFront and AWS WAF by Using AWS Lambda from the AWS Security blog. 我基本上遵循的指南是如何使用 AWS Security博客中的AWS Lambda自动更新Amazon CloudFront和AWS WAF的安全组 。
Here's an output of the terminal: 这是终端的输出:
➜ terminal $ cat ~/.aws/config [default] region = ap-southeast-1 ➜ terminal $ aws sns subscribe --topic-arn arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged --protocol lambda --notification-endpoint arn:aws:lambda:ap-southeast-1:accountid_removed:function:cloudfront-securitygroup-controller An error occurred (InvalidParameter) when calling the Subscribe operation: Invalid parameter: TopicArn ➜ terminal $ AWS_REGION=ap-southeast-1 aws sns subscribe --topic-arn arn:aws:sns:ap-southeast-1:806199016981:AmazonIpSpaceChanged --protocol lambda --notification-endpoint arn:aws:lambda:ap-southeast-1:accountid_removed:function:cloudfront-securitygroup-controller An error occurred (AuthorizationError) when calling the Subscribe operation: User: arn:aws:iam::accountid_removed:user/removed@gmail.com is not authorized to perform: SNS:Subscribe on resource: arn:aws:sns:ap-southeast-1:806199016981:AmazonIpSpaceChanged
This is also the output when done through the AWS Web Console: 通过AWS Web Console完成时,这也是输出:
User: arn:aws:iam::accountid_removed:user/removed@gmail.com is not authorized to perform: SNS:Subscribe on resource: arn:aws:sns:ap-southeast-1:806199016981:AmazonIpSpaceChanged (Service: AmazonSNS; Status Code: 403; Error Code: AuthorizationError; Request ID: 0e87384a-e298-569e-bf2d-6a5718eedc40)
2 个解决方案
解决方案1
3 已采纳 2017-09-01 05:52:22
The error is because your API call must be made to the us-east-1 region, where the Amazon SNS topic is located. 该错误是因为您必须对Amazon SNS主题所在的us-east-1地区进行API调用。
$ aws sns subscribe --topic-arn arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged --protocol email --notification-endpoint xyzzy@mailinator.com --region us-east-1
{
"SubscriptionArn": "pending confirmation"
}
It appears that subscribe a AWS Lambda function in a different region works too (or, at least did not return an error): 似乎在其他区域中订阅AWS Lambda函数也可以工作(或者至少没有返回错误):
aws sns subscribe --topic-arn arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged --protocol lambda --notification-endpoint arn:aws:lambda:ap-southeast-2:123456789012:foo --region us-east-1
{
"SubscriptionArn": "arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged:37dab281-1e8f-16ba-8e4a-ef9de429101b"
}
解决方案2
1 2018-11-09 09:54:25
This is also possible from CloudFormation, with the (new) Region parameter. 也可以通过CloudFormation的(新)Region参数来实现。
Code snipped of CloudFormation (json) SNS resource: 摘录了CloudFormation(json)SNS资源的代码:
"LambdaAmazonIpSpaceChangedSubscription" : {
"Type" : "AWS::SNS::Subscription",
"Properties" : {
"Endpoint" : {"Fn::GetAtt" : ["LambdaFunction", "Arn"] },
"Protocol" : "lambda",
"TopicArn" : "arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged",
"Region": "us-east-1"
}
},
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.