堆栈内存溢出
  简体   繁体   English

在 cloudformation 中启用 SNS 传递状态日志记录配置

[英]Enable SNS Delivery Status Logging configuration in cloudformation

 原文  2019-11-26 15:08:03       amazon-cloudformation/ amazon-sns/ amazon-cloudwatch

问题描述

I'm trying to set up an SNS topic with AWS CloudFormation.我正在尝试使用 AWS CloudFormation 设置 SNS 主题。 I'm able to get the topics and its SQS subscriptions up and running, but I couldn't find a way to specify the delivery status logging options (the ones that tell the topic to write its logs to cloudwatch).我能够启动并运行主题及其 SQS 订阅,但我找不到指定传递状态日志记录选项的方法(告诉主题将其日志写入 cloudwatch 的选项)。

The official SNS/Cloudformation docs say nothing about this capability. 官方 SNS/Cloudformation 文档没有提及此功能。

I found here that apparently it's not implemented yet. 我在这里发现它显然还没有实现。 Does anyone have up-to-date status about this?有没有人有这方面的最新状态?

Below is the template (fragment) I have:下面是我的模板(片段):

SNSBouncesTopic:
  Type: AWS::SNS::Topic
  Properties: 
    DisplayName: SNS-Bounces
    Subscription: 
     - Endpoint: !GetAtt
        - SQSBouncesQueue
        - Arn
       Protocol: sqs
    TopicName: SNS-Bounces

The SQSBouncesQueue is another resource of the stack that handles the SNS messages. SQSBouncesQueue 是处理 SNS 消息的堆栈的另一个资源。

2 个解决方案

解决方案1
 9 已采纳  2019-12-05 04:56:22

At the moment, CloudFormation does not support enabling SNS Delivery Status Logging.目前,CloudFormation 不支持启用 SNS 传递状态日志记录。

You'll need to use either the console, SDK or CLI.您需要使用控制台、SDK 或 CLI。 If you still need to use CloudFormation workflow then review the following workaround below :如果您仍需要使用 CloudFormation 工作流程,请查看以下解决方法:

This workaround involves using a Lambda-backed custom resource to enable SNS Delivery Status logging by adding the necessary attributes to the SNS Topic.此解决方法涉及使用 Lambda 支持的自定义资源通过向 SNS 主题添加必要的属性来启用 SNS 传递状态日志记录。

A custom resource essentially triggers a Lambda function when your CFN stack is created, updated, or deleted.当您的 CFN 堆栈被创建、更新或删除时, 自定义资源实质上会触发 Lambda 函数。

To set up the topic attributes, you would need the following:要设置主题属性,您需要以下内容:

a) An IAM role with the permissions for the SNS service to assume the role. a)一个 IAM 角色,具有 SNS 服务代入该角色的权限。 It should include the following:它应包括以下内容:

  Permissions : 
  Actions : 
  "logs:CreateLogGroup"
  "logs:CreateLogStream”
  "logs:PutLogEvents”
  "logs:PutMetricFilter"
  "logs:PutRetentionPolicy"

b) An SNS Topic b) SNS 主题

c) The custom resource that takes in the IAM Role ARN and the SNS Topic ARN and invokes a Lambda function that sets the topic attributes accordingly. c)接受 IAM 角色 ARN 和 SNS 主题 ARN 并调用相应设置主题属性的 Lambda 函数的自定义资源。

In the Lambda function, you will need to specify the SNS TopicArn, set the topic attributes using set_topic_attributes() method.在 Lambda 函数中,您需要指定 SNS TopicArn,使用 set_topic_attributes() 方法设置主题属性。 For the AttributeName, you will have to specify it as “LambdaSuccessFeedbackRoleArn” to set the attribute for a successful delivery and as “LambdaFailureFeedbackRoleArn” to set the attribute for a failed delivery.对于 AttributeName,您必须将其指定为“LambdaSuccessFeedbackRoleArn”以设置成功交付的属性,并指定为“LambdaFailureFeedbackRoleArn”以设置失败交付的属性。

Note:笔记:

  1. The AttributeValue for both successful and failed would be the ARN of an IAM Role with access to modify the CloudWatch logs.成功和失败的 AttributeValue 都是具有修改 CloudWatch 日志的权限的 IAM 角色的 ARN。

  2. This function should be called twice, once to set the attribute for a successful delivery and another to set the attribute for a failed delivery.这个函数应该被调用两次,一次设置成功交付的属性,另一次设置失败交付的属性。

解决方案2
 0  2023-01-13 11:50:10

Having faced the same issue today trying to set up delivery status logging to SQS, my solution was to use CLI commands integrated into our CI/CD pipeline after using CloudFormation to create the IAM roles.今天遇到同样的问题,试图将交付状态记录到 SQS,我的解决方案是在使用 CloudFormation 创建 IAM 角色后,使用集成到我们的 CI/CD 管道中的 CLI 命令。

First I needed to discover the correct attributes names that should be applied to the topic for SQS delivery logging and that can be done using the following CLI command:首先,我需要发现应该应用于 SQS 传输日志记录主题的正确属性名称,并且可以使用以下 CLI 命令完成:

aws sns get-topic-attributes --topic-arn <topic-arn>

The required attributes for SQS are: SQS 所需的属性是:

  • SQSSuccessFeedbackRoleArn SQS成功反馈角色Arn
  • SQSFailureFeedbackRoleArn SQS失败反馈角色Arn
  • SQSSuccessFeedbackSampleRate SQS成功反馈抽样率

Thus the CLI commands to configure the required logging were as follows:因此,配置所需日志记录的 CLI 命令如下:

aws sns set-topic-attributes --topic-arn $TopicArn --attribute-name SQSSuccessFeedbackRoleArn --attribute-value $SuccessRoleArn
aws sns set-topic-attributes --topic-arn $TopicArn --attribute-name SQSFailureFeedbackRoleArn --attribute-value $FailureRoleArn
aws sns set-topic-attributes --topic-arn $TopicArn --attribute-name SQSSuccessFeedbackSampleRate --attribute-value 10

(above commands written in powershell) (以上命令用powershell编写)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用AWS CloudFormation为SNS订阅指定“原始邮件传递”? - Howto specify 'Raw Message Delivery' for an SNS subscription using AWS CloudFormation? SNS + CloudFormation - SNS + CloudFormation 通过cloudFormation模板启用日志记录S3? - Enable logging S3 via cloudFormation template? 从 cloudformation 为 ALB 启用访问日志记录 - Enable access logging for ALB from cloudformation 如何使用 Cloudformation 在 AWS WAF 中启用 WebACL 日志记录? - How to enable logging for WebACL in AWS WAF using Cloudformation? 具有SNS警报的URLHealthcheck的Cloudformation - Cloudformation for URLHealthcheck with SNS Alarm 通过 cloudformation 启用 object 登录 s3 存储桶 - Enable object logging on s3 bucket via cloudformation 如何通过 Cloudformation 模板为 AWS API GW 启用 Cloudwatch 日志记录 - How to enable Cloudwatch logging for AWS API GW via Cloudformation template CloudFormation:发布到SNS主题 - CloudFormation: Publish to SNS topic 我们能否更新 cloudformation 堆栈以将 kinesis 交付 stream 目标配置从 s3 更改为 elasticsearch? - Can we update a cloudformation stack to change kinesis delivery stream destination configuration from s3 to elasticsearch?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM