Send messages from multiple SNS topics to a single Amazon SQS

New to Terraform!

I am trying to send messages from two SNS topics, SNSA and SNSB, to an Amazon SQS. Everything is good when I do a plz plan in my local, and then I try to deploy through JENKINS, which gives me an error saying:

Error: error creating SNS topic subscription: AuthorizationError: User: arn:aws:sts::325400131687:assumed-role/JENKINSDEPLOY/ is not authorized to perform: 
SNS:Subscribe on resource: arn:aws:sns:us-east-1:453101592424:snsb

Interesting thing here is SNSA doesn't have this problem and I get an output saying aws_sns_topic_subscription.snsa: Creation complete after 1s

I gave the same permissions to both the SNSs. My two cents is on the Roles/Perms, which I think I messed up! Because when I try to re-order the SNS topics in my MsgPerm.yml (placing SNSB first followed by SNSA), this time SNSB gets created and I get the same error for SNSA.

Any suggestions or comments related to this issue will be appreciated, thanks.

My roles and permissions are set up as below:

MsgPerm.yml

---
statements:
  -
    effect: "Allow"
    actions:
      - "sqs:AddPermission"
      - "sqs:CreateQueue"
      - "sqs:DeleteQueue"
      - "sqs:Get*"
      - "sqs:List*"
      - "sqs:PurgeQueue"
      - "sqs:RemovePermission"
      - "sqs:SetQueueAttributes"
      - "sqs:TagQueue"
      - "sqs:UnTagQueue"
    resources:
      - !Sub "arn:aws:sqs:${AWS::Region}:${AWS::AccountId}:myproject*"
  -
    effect: "Allow"
    actions:
      - "sqs:SendMessage"
      - "sqs:SendMessageBatch"
      - "sqs:ReceiveMessage"
      - "sqs:DeleteMessage"
      - "sqs:DeleteMessageBatch"
      - "sqs:DeleteQueue"
      - "sqs:CreateQueue"
      - "sqs:AddPermission"
      - "sqs:PurgeQueue"
      - "sqs:RemovePermission"
      - "sqs:TagQueue"
      - "sqs:UntagQueue"
      - "sqs:Set*"
      - "sqs:Get*"
      - "sqs:List*"
    resources:
      - !Sub "arn:aws:sqs:${AWS::Region}:${AWS::AccountId}:myproject*"
      - "arn:aws:sns:us-east-1:453101592424:snsa"
      - "arn:aws:sns:us-east-1:453101592424:snsb"
  -
    effect: "Allow"
    actions:
      - "sns:CreateTopic"
      - "sns:DeleteTopic"
      - "sns:Subscribe"
      - "sns:Unsubscribe"
      - "sns:AddPermission"
      - "sns:RemovePermission"
      - "sns:Receive"
      - "sns:Publish"
      - "sns:TagResource"
      - "sns:UntagResource"
      - "sns:Set*"
      - "sns:Get*"
      - "sns:List*"
    resources:
      - !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:PREFIX*"
      - "arn:aws:sns:us-east-1:453101592424:snsa"
      - "arn:aws:sns:us-east-1:453101592424:snsb"

JENKINSDEPLOY.yml

---
managedPolicyArns:
  -
    name: Enterprise/GoldenVPCRequirements
    cignamanaged: true
  -
    name: AmazonAPIGatewayAdministrator
    awsmanaged: true
  -
    name: MsgPerm
    awsmanaged: false
  -
    name: SecurityPerm
    awsmanaged: false

federated: true

and finally my sns.tf file

resource "aws_sns_topic_subscription" "snsa" {
  topic_arn = "arn:aws:sns:${var.datastore_account_region}:${var.datastore_account_id}:${var.sns_topic_snsa}"
  protocol  = "sqs"
  endpoint  = aws_sqs_queue.incoming.arn

  depends_on = [
    aws_sqs_queue.incoming
  ]
}


resource "aws_sns_topic_subscription" "snsb" {
  topic_arn = "arn:aws:sns:${var.datastore_account_region}:${var.datastore_account_id}:${var.sns_topic_snsb}"
  protocol  = "sqs"
  endpoint  = aws_sqs_queue.incoming.arn

  depends_on = [
    aws_sqs_queue.incoming
  ]
}

Your error message writes:

arn:aws:sns:us-east-1:453101592424:SNSB

but your policy uses (different case, snsb):

arn:aws:sns:us-east-1:453101592424:snsb

Topic names are case sensitive.
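
The case mismatch the answer points out can be checked mechanically. The following is an added example, not part of the original post: it parses the denied action and ARN out of the error text and compares them with the Allow statements, treating action names as case-insensitive and resource ARNs as case-sensitive. The POLICY structure and the function names are assumptions modelled on MsgPerm.yml; Deny statements and conditions are not evaluated.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample mirroring the page: the error names the topic as SNSB,
# while the policy statement lists it as snsb.
ERROR = ("AuthorizationError: User: arn:aws:sts::325400131687:assumed-role/"
         "JENKINSDEPLOY/ is not authorized to perform: SNS:Subscribe on "
         "resource: arn:aws:sns:us-east-1:453101592424:SNSB")

POLICY = [{
    "effect": "Allow",
    "actions": ["sns:Subscribe", "sns:Unsubscribe", "sns:Get*"],
    "resources": ["arn:aws:sns:us-east-1:453101592424:snsa",
                  "arn:aws:sns:us-east-1:453101592424:snsb"]}]

DENIED = re.compile(r"not authorized to perform:\s*(\S+)\s+on resource:\s*(\S+)")


def parse_denial(message):
    """Return (action, resource_arn) from an AuthorizationError message."""
    m = DENIED.search(message)
    if not m:
        raise ValueError("no action/resource found in message")
    return m.group(1), m.group(2)


def diagnose(message, statements):
    """Return ('allowed' | 'case-mismatch' | 'no-match', matching patterns)."""
    action, resource = parse_denial(message)
    exact, near = [], []
    for st in statements:
        if st["effect"] != "Allow":
            continue
        # Action names are matched case-insensitively.
        if not any(fnmatchcase(action.lower(), a.lower()) for a in st["actions"]):
            continue
        for pat in st["resources"]:
            # Resource ARNs are matched exactly; a lower-cased hit is a near miss.
            if fnmatchcase(resource, pat):
                exact.append(pat)
            elif fnmatchcase(resource.lower(), pat.lower()):
                near.append(pat)
    if exact:
        return "allowed", exact
    return ("case-mismatch", near) if near else ("no-match", [])
```

A "case-mismatch" result lists the policy entries that differ from the denied ARN only by letter case, which is the situation described in the answer.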
