堆栈内存溢出
  简体   繁体   English

AWS Video Rekognition 未将结果发布到 SNS 主题

[英]AWS Video Rekognition is not publishing results to SNS Topic

 原文  2019-09-12 21:56:35       node.js/ amazon-web-services/ amazon-sns/ amazon-rekognition

问题描述

Running some nodejs aws rekognition to detect labels in mp4 video, but it will not publish to the specified SNS topic when complete.运行一些 nodejs aws rekognition 来检测 mp4 视频中的标签,但完成后它不会发布到指定的 SNS 主题。 I don't get any permission errors when submitting the request with the topic/ROLE arns.使用主题/ROLE arns 提交请求时,我没有收到任何权限错误。

const AWS = require('aws-sdk');
AWS.config.update(
    {
        region: 'us-west-2',
        accessKeyId: "asdfadsf",
        secretAccessKey: "asdfasdfasdfasd1234123423"
    }
);


const params = {
    Video: {
        S3Object: {
            Bucket: 'myvidebucket',
            Name: '5d683b81760ec59c2015.mp4'
        }
    },
    NotificationChannel: {
        RoleArn: 'arn:aws:iam::xxxxxxxxxxxxx:role/AmazonRekognitionSNSSuccessFeedback',
        SNSTopicArn: 'arn:aws:sns:us-west-2:xxxxxxxxxxxxx:recoknize',
    },
    MinConfidence: 60
};


rekognition.startLabelDetection(params).promise().then(data => {
    console.log(JSON.stringify(data));
}).catch(error => {
    console.log(error);
});

That code executes with no errors, and I get back a job id.该代码执行时没有错误,我得到了一个作业 ID。 My SNS topic subscription is confirmed, and supposed to post to my HTTPS endpoint.我的 SNS 主题订阅已确认,并且应该发布到我的 HTTPS 端点。 But nothing ever arrives, and there are no error logs anywhere in AWS console about this.但是什么都没有到达,并且 AWS 控制台中的任何地方都没有关于此的错误日志。

When I manually access the rekogniztion by jobid, the data comes back fine so I know it finished correctly.当我通过 jobid 手动访问 rekogniztion 时,数据返回正常,所以我知道它正确完成。 Something strange has to be going on with IAM permissions. IAM 权限一定会发生一些奇怪的事情。

3 个解决方案

解决方案1
 3 已采纳  2019-09-15 11:26:12

I have reviewed and tested your nodejs code successfully and I don't see anything wrong with it.我已经成功地查看并测试了你的 nodejs 代码,我没有发现它有什么问题。

Since, the code returns the AWS Rekognition "JobId" successfully, you can review your SNS configuration and check if it matches the following:由于代码成功返回 AWS Rekognition“JobId”,您可以查看您的 SNS 配置并检查它是否与以下内容匹配:

1. On your SNS topic ( 'arn:aws:sns:us-west-2:xxxxxxxxxxxxx:recoknize' ), navigate to the access policy and check if you have a policy similar to the following : 1.在您的SNS 主题( 'arn:aws:sns:us-west-2:xxxxxxxxxxxxx:recoknize' ) 上,导航到访问策略并检查您是否有类似于以下内容的策略:

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "Service": "rekognition.amazonaws.com"
      },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
        "SNS:AddPermission",
        "SNS:RemovePermission",
        "SNS:DeleteTopic",
        "SNS:Subscribe",
        "SNS:ListSubscriptionsByTopic",
        "SNS:Publish",
        "SNS:Receive"
      ],
      "Resource": "arn:aws:sns:us-west-2:XXXXXXXXXXXX:AmazonRekognitionTopic"
    }
  ]
}

2. On your IAM role ('arn:aws:iam::xxxxxxxxxxxxx:role/AmazonRekognitionSNSSuccessFeedback') , make sure of the following: 2.在您的IAM 角色('arn:aws:iam::xxxxxxxxxxxxx:role/AmazonRekognitionSNSSuccessFeedback') 上,确保以下内容:

(i) The "Trust relationship" of your role has the following statement : (i)您角色的“信任关系”有以下声明:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service":"rekognition.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

(ii) The role has an attached policy document similar to one given below: (ii)该角色附有一份类似于以下给出的政策文件:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sns:publish"
            ],
            "Resource": "*"
        }
    ]
}

The successful published message from Amazon Rekognition to SNS topic should output something similar to:从 Amazon Rekognition 成功发布到 SNS 主题的消息应输出类似以下内容:

"JobId":"8acd9edd6edfb0e4985f8cd269e4863e54f7fcd451af6aafe10b32996dedbdba","Status":"SUCCEEDED","API":"StartLabelDetection","Timestamp":1568544553927,"Video":{"S3ObjectName":"final.mp4","S3Bucket":"syumak-rekognition"}}

Hope this helps.希望这可以帮助。

解决方案2
 0  2020-12-10 11:09:38

Buried in the docs - it's apparent that https://docs.aws.amazon.com/rekognition/latest/dg/api-video-roles.html#api-video-roles-all-topics埋在文档中 - 很明显https://docs.aws.amazon.com/rekognition/latest/dg/api-video-roles.html#api-video-roles-all-topics

AmazonRekognitionServiceRole gives Amazon Rekognition Video access to Amazon SNS TOPICS that are PREFIXED with AmazonRekognition. AmazonRekognitionServiceRole 允许 Amazon Rekognition Video 访问以 AmazonRekognition 为前缀的 Amazon SNS 主题。

It doesn't say the role ARN needs to be prefixed.它没有说角色 ARN 需要加前缀。 But won't hurt.但是不会痛。 Double check your TOPIC is AmazonRekognitionMyTopicName仔细检查您的主题是 AmazonRekognitionMyTopicName

 RoleArn: 'arn:aws:iam::xxxxxxxxxxxxx:role/AmazonRekognitionSNSSuccessFeedback', <- don't think this is so important.
SNSTopicArn: 'arn:aws:sns:us-west-2:xxxxxxxxxxxxx:recoknize', <- Must be something like AmazonRekognitionSuccess

Also - this helped / I moved off the FIFO which allows subscribing via email in addition to SQS.另外 - 这有帮助/我移出了 FIFO,它允许除 SQS 之外通过电子邮件订阅。 https://docs.aws.amazon.com/rekognition/latest/dg/video-troubleshooting.html https://docs.aws.amazon.com/rekognition/latest/dg/video-troubleshooting.html

This line Verify that you have an IAM service role that gives Amazon Rekognition Video permissions to publish to your Amazon SNS topics.此行验证您是否拥有一个 IAM 服务角色,该角色授予 Amazon Rekognition Video 发布到您的 Amazon SNS 主题的权限。 For more information, see Configuring Amazon Rekognition Video.有关更多信息,请参阅配置 Amazon Rekognition Video。

I created a new IAM and gave it AmazonRekognitionFullAccess AmazonSNSRole AmazonSNSFullAccess我创建了一个新的 IAM 并为其提供了 AmazonRekognitionFullAccess AmazonSNSRole AmazonSNSFullAccess

I updated the trust relationship to include both sns.amazonaws.com / rekognition.amazonaws.com.我更新了信任关系以包括 sns.amazonaws.com / rekognition.amazonaws.com。

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "sns.amazonaws.com",
          "rekognition.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Not sure which one of these made everything click - but was a good half day on this / hopefully this will save someone some time.不确定其中哪一个让所有内容都点击了 - 但这是一个很好的半天时间/希望这会为某人节省一些时间。

解决方案3
 0  2022-11-25 20:47:33

  1. Trust relationship solved it for me .信任关系为我解决了 Add the below script to the trust relationship of the IAM that will be used as RoleARn for the script:将以下脚本添加到将用作脚本 RoleARn 的 IAM 的信任关系中:

     { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": [ "sns.amazonaws.com", "rekognition.amazonaws.com", "sagemaker.amazonaws.com" ] }, "Action": "sts:AssumeRole", "Condition": {} }] }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS SNS 主题策略 Cloudformation - AWS SNS Topic Policy Cloudformation AWS SQS 订阅 SNS 主题高延迟 - AWS SQS subscribed to SNS topic high latency 了解 AWS SNS 主题的创建时间 - Know when AWS SNS topic was created Android 应用程序上使用 AWS Rekognition 的 AWS Kinesis Video Streaming - AWS Kinesis Video Streaming with AWS Rekognition on Android App 如何取消订阅 email 的 AWS SNS 主题? - How to unsubscribe email from AWS SNS Topic? 我可以创建对 AWS SNS 主题的 Slack 订阅吗? - Can I create Slack subscriptions to an AWS SNS topic? 使用 Lambda 和 SNS 主题自动进行 AWS VPC 对等 - AWS VPC Peering Automatically using Lambda and SNS Topic 如何将 Firebase Cloud Messaging(FCM) 主题与 AWS SNS 结合使用 - How to use Firebase Cloud Messaging(FCM) topic with AWS SNS AWS CloudFormation中如何使用email动态列表订阅SNS主题? - How to use email dynamic list to SNS Topic Subscription in AWS CloudFormation? Amazon Rekognition Video 的 MaxLabels 不起作用 - MaxLabels for Amazon Rekognition Video not working
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM