Send messages from multiple SNS topics to a single Amazon SQS
New to Terraform!
I am trying to send messages from two SNS topics, SNSA and SNSB, to an Amazon SQS. Everything is good when I do a plz plan in my local, and then I try to deploy through JENKINS, which gives me an error saying:
Error: error creating SNS topic subscription: AuthorizationError: User: arn:aws:sts::325400131687:assumed-role/JENKINSDEPLOY/ is not authorized to perform:
SNS:Subscribe on resource: arn:aws:sns:us-east-1:453101592424:snsb
The interesting thing here is that SNSA doesn't have this problem, and I get an output saying:
aws_sns_topic_subscription.snsa: Creation complete after 1s
I gave the same permissions to both the SNSs. My two cents is on the Roles/Perms, which I think I messed up!! Because when I try to re-order the SNS topics in my MsgPerm.yml (placing SNSB first followed by SNSA), this time SNSB gets created and I got the same error for SNSA.
Any suggestions or comments related to this issue will be appreciated, thanks.
My roles and permissions are set up as below:
MsgPerm.yml
---
statements:
  -
    effect: "Allow"
    actions:
      - "sqs:AddPermission"
      - "sqs:CreateQueue"
      - "sqs:DeleteQueue"
      - "sqs:Get*"
      - "sqs:List*"
      - "sqs:PurgeQueue"
      - "sqs:RemovePermission"
      - "sqs:SetQueueAttributes"
      - "sqs:TagQueue"
      - "sqs:UnTagQueue"
    resources:
      - !Sub "arn:aws:sqs:${AWS::Region}:${AWS::AccountId}:myproject*"
  -
    effect: "Allow"
    actions:
      - "sqs:SendMessage"
      - "sqs:SendMessageBatch"
      - "sqs:ReceiveMessage"
      - "sqs:DeleteMessage"
      - "sqs:DeleteMessageBatch"
      - "sqs:DeleteQueue"
      - "sqs:CreateQueue"
      - "sqs:AddPermission"
      - "sqs:PurgeQueue"
      - "sqs:RemovePermission"
      - "sqs:TagQueue"
      - "sqs:UntagQueue"
      - "sqs:Set*"
      - "sqs:Get*"
      - "sqs:List*"
    resources:
      - !Sub "arn:aws:sqs:${AWS::Region}:${AWS::AccountId}:myproject*"
      - "arn:aws:sns:us-east-1:453101592424:snsa"
      - "arn:aws:sns:us-east-1:453101592424:snsb"
  -
    effect: "Allow"
    actions:
      - "sns:CreateTopic"
      - "sns:DeleteTopic"
      - "sns:Subscribe"
      - "sns:Unsubscribe"
      - "sns:AddPermission"
      - "sns:RemovePermission"
      - "sns:Receive"
      - "sns:Publish"
      - "sns:TagResource"
      - "sns:UntagResource"
      - "sns:Set*"
      - "sns:Get*"
      - "sns:List*"
    resources:
      - !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:PREFIX*"
      - "arn:aws:sns:us-east-1:453101592424:snsa"
      - "arn:aws:sns:us-east-1:453101592424:snsb"
JENKINSDEPLOY.yml
---
managedPolicyArns:
  -
    name: Enterprise/GoldenVPCRequirements
    cignamanaged: true
  -
    name: AmazonAPIGatewayAdministrator
    awsmanaged: true
  -
    name: MsgPerm
    awsmanaged: false
  -
    name: SecurityPerm
    awsmanaged: false
federated: true
And finally my sns.tf file:
resource "aws_sns_topic_subscription" "snsa" {
  topic_arn = "arn:aws:sns:${var.datastore_account_region}:${var.datastore_account_id}:${var.sns_topic_snsa}"
  protocol  = "sqs"
  endpoint  = aws_sqs_queue.incoming.arn
  depends_on = [
    aws_sqs_queue.incoming
  ]
}
resource "aws_sns_topic_subscription" "snsb" {
  topic_arn = "arn:aws:sns:${var.datastore_account_region}:${var.datastore_account_id}:${var.sns_topic_snsb}"
  protocol  = "sqs"
  endpoint  = aws_sqs_queue.incoming.arn
  depends_on = [
    aws_sqs_queue.incoming
  ]
}
Your error message writes:
arn:aws:sns:us-east-1:453101592424:SNSB
but your policy uses (different case snsb):
arn:aws:sns:us-east-1:453101592424:snsb
Topic names are case sensitive.
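
The diagnosis in the answer above can be checked mechanically. The following is an added example, not part of the original post or answer: it pulls the denied action and ARN out of the error text and compares them with the policy's Allow statements, matching actions case-insensitively and resource ARNs exactly as written. ERROR and STATEMENTS are constructed from the ARNs quoted on this page, the function names are hypothetical, and `!Sub` patterns, explicit Deny and other policy layers are not modelled.

```python
import fnmatch
import re

# Constructed sample input: the denial with the ARN as quoted in the answer,
# and the SNS statement from MsgPerm.yml reduced to the fields used here.
ERROR = ("AuthorizationError: User: arn:aws:sts::325400131687:assumed-role/JENKINSDEPLOY/ "
         "is not authorized to perform: SNS:Subscribe on resource: "
         "arn:aws:sns:us-east-1:453101592424:SNSB")
STATEMENTS = [{
    "effect": "Allow",
    "actions": ["sns:Subscribe", "sns:Unsubscribe", "sns:Get*"],
    "resources": ["arn:aws:sns:us-east-1:453101592424:snsa",
                  "arn:aws:sns:us-east-1:453101592424:snsb"],
}]

DENIED = re.compile(r"not authorized to perform:\s*(\S+) on resource:\s*(\S+)")

def parse_denial(message):
    """Return (action, resource_arn) from an AuthorizationError message."""
    m = DENIED.search(message)
    if not m:
        raise ValueError("no denied action/resource found in message")
    return m.group(1), m.group(2)

def _match(pattern, value, ignore_case):
    # Policy patterns may contain * and ? wildcards.
    if ignore_case:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)

def explain(message, statements):
    """Classify a denial as 'match', 'case-mismatch' or 'no-match'."""
    action, resource = parse_denial(message)
    near = []  # policy ARNs that differ from the denied ARN only by case
    for st in statements:
        if st["effect"] != "Allow":
            continue
        # Action names are case-insensitive; resource ARNs are not.
        if not any(_match(a, action, True) for a in st["actions"]):
            continue
        for r in st["resources"]:
            if _match(r, resource, False):
                return "match", []
            if _match(r, resource, True):
                near.append(r)
    return ("case-mismatch" if near else "no-match"), near
```

Running `explain(ERROR, STATEMENTS)` on a failed deployment's error line gives a quick answer to whether the policy is missing the topic entirely or only spells it with different case.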