User is not authorized to perform: SNS:CreateTopic on resource
I wanted to monitor certain parameters (TotalErrorRate and Latency) with CloudWatch and I wanted a "Simple Notification Service" (SNS) to send me an email when a (CloudWatch) alarm is thrown:
EscalationTopic:
  Type: "AWS::SNS::Topic"
  Properties:
    DisplayName: My Monitoring
    Subscription:
      - Endpoint: !Ref EmailForNotification
        Protocol: email
EscalationTopicEmailSubscriber:
  Type: "AWS::SNS::Subscription"
  Properties:
    Endpoint: !Ref EmailForNotification
    Protocol: email
    TopicArn: !Ref EscalationTopic
But I get this error: User is not authorized to perform: SNS:CreateTopic on resource(Service: AmazonSNS; Status Code: 403; Error Code: AuthorizationError
(see screenshot)
What I did to solve it was create a topicPolicy:
SNSTopicPolicy:
  Type: 'AWS::SNS::TopicPolicy'
  Properties:
    Topics:
      - !Ref EscalationTopic
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Action: 'sns:CreateTopic'
          Resource: !Ref EscalationTopic
          Principal:
            AWS: '*'
But the problem still persists.
EDIT: In the SNS console, I could manually create a new topic. Shouldn't it mean that I got the permission in order to createTopic?
The error message states the problem quite accurately. The credentials used to create the CloudFormation stack (presumably your login credentials unless you specified a Role during stack creation) are not authorized to create an Amazon SNS topic.
You should look at the permissions associated with your IAM User and add the necessary permissions.
Adding an SNS Topic Policy will have no impact because it is used to give SNS a set of permissions, whereas you need permissions to create the Topic itself.
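The permission the answer above refers to belongs in an identity policy attached to the IAM user (or role) whose credentials create the stack, not in a topic policy. The following is an added example, not code from the original posts: a separate template that grants only the SNS actions needed for the question's two resources. The parameter names, the logical ID DeployerSnsPolicy and the exact action list are assumptions to adjust for your own stack.

```yaml
# Added example: deploy-time SNS permissions for the identity that runs CloudFormation.
# Assumed (hypothetical) names: MonitoringStackName, DeployerUserName, DeployerSnsPolicy.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  MonitoringStackName:
    Type: String        # name of the stack that contains EscalationTopic
  DeployerUserName:
    Type: String        # IAM user whose credentials create that stack
Resources:
  DeployerSnsPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Properties:
      Users:
        - !Ref DeployerUserName
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Identity policy: no Principal element, it applies to the attached user.
          - Sid: ManageStackTopic
            Effect: Allow
            Action:
              - 'sns:CreateTopic'
              - 'sns:DeleteTopic'
              - 'sns:GetTopicAttributes'
              - 'sns:SetTopicAttributes'
              - 'sns:Subscribe'
              - 'sns:ListSubscriptionsByTopic'
              - 'sns:TagResource'
              - 'sns:UntagResource'
              - 'sns:ListTagsForResource'
            # The question's template sets no TopicName, so the generated name is
            # assumed to start with "<stack name>-EscalationTopic-".
            Resource: !Sub 'arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:${MonitoringStackName}-EscalationTopic-*'
          # Subscription-level actions, granted on '*' in this example.
          - Sid: ManageSubscriptions
            Effect: Allow
            Action:
              - 'sns:GetSubscriptionAttributes'
              - 'sns:SetSubscriptionAttributes'
              - 'sns:Unsubscribe'
            Resource: '*'
```

If the stack is created with a service role instead of user credentials, attach the same statements to that role.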
I had a similar issue with Amazon SES. Apparently my "AmazonSESFullAccess" permission wasn't enough and I solved it by adding the "AmazonSNSFullAccess" permission to my IAM user at https://console.aws.amazon.com/iam/home#/users/MY_IAM_USER_NAME_GOES_HERE