AWS CloudFormation 仅将 SNS 限制为特定的 SQS 队列
[英]AWS CloudFormation Restricting SNS to specific SQS Queues only
问题描述
I'm modifying an AWS CloudFormation template with the intention of ensuring that SNS Topic A is the only topic that can publish to SQS Queue 1 and SQS Queue 2 .
我正在修改 AWS CloudFormation 模板,以确保SNS 主题 A是唯一可以发布到SQS Queue 1和SQS Queue 2 的主题。 This is what I have:这就是我所拥有的:
SomeOtherQueue:
Type: AWS::SQS::Queue
InboundQueue:
Type: AWS::SQS::Queue
InboundCopyQueue:
Type: AWS::SQS::Queue
InboundTopic:
Type: AWS::SNS::Topic
Properties:
Subscription:
- Endpoint:
Fn::GetAtt:
- InboundQueue
- Arn
Protocol: sqs
InboundQueuePolicy:
Type: AWS::SQS::QueuePolicy
Properties:
PolicyDocument:
Version: '2012-10-17'
Id: InboundQueuePolicy
Statement:
- Sid: Allow-SendMessage-To-Inbound-Queue-Only
Effect: Allow
Principal:
Service:
- sns.amazonaws.com
Action:
- sqs:SendMessage
Resource: "*"
Queues:
- Ref: InboundQueue
- Ref: InboundCopyQueue
The above defines a set of queues, a topic with a subscription to some the relevant queues and a queue policy that is meant to restrict which topic can publish to the referenced queues.上面定义了一组队列,一个订阅了一些相关队列的主题和一个队列策略,用于限制哪个主题可以发布到引用的队列。
What I'm trying to understand is how to go about ensuring that InboundQueuePolicy applies to InboundTopic only.我想要了解的是如何去确保InboundQueuePolicy仅适用于InboundTopic。 I cannot seem to find the correct syntax for referencing InboundTopic as the resource for InboundQueuePolicy .我似乎无法找到正确的语法引用InboundTopic作为InboundQueuePolicy资源。
Any assistance with getting the correct syntax would be greatly appreciated.任何获得正确语法的帮助将不胜感激。
Thanks谢谢
1 个解决方案
解决方案1
0 2020-02-07 04:01:13
I believe you could add a condition to your policy that uses the aws:SourceArn key.我相信您可以在使用aws:SourceArn键的策略中添加一个条件。 AWS Global Condition Context Keys - Source ARN AWS 全局条件上下文键 - 源 ARN
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.