[英]Using CDK, SNS topic Policy Statement, use actions: ["sns:*"], Cloudformation results in "Policy statement action out of service scope!"
Unable to refer to all SNS actions with the * in CDK.无法在 CDK 中引用带有 * 的所有 SNS 操作。
const MyTopicPolicy = new sns.TopicPolicy(this, 'MyTopicSNSPolicy', {
topics: [MyTopic],
});
MyTopicPolicy.document.addStatements(new iam.PolicyStatement({
sid: "0",
actions: ["sns:*"],
principals: [new iam.AnyPrincipal()]
resources: [MyTopic.topicArn],
conditions: {"StringEquals": {"AWS:SourceOwner":"1212121212"}},
}));
When I do the cdk synth, I get the following snippet in my template:当我执行 cdk synth 时,我在模板中得到以下片段:
"MyTopicSNSPolicyE244CE5D": {
"Type": "AWS::SNS::TopicPolicy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "SNS:*",
"Condition": {
"StringEquals": {
"AWS:SourceOwner": "1212121212"
}
},
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Resource": {
"Ref": "MyTopic62D646CB"
},
"Sid": "0"
}
],
....which looks good. ....看起来不错。 But then when I build in cloudformation, I get the following error in the Events:
但是当我在 cloudformation 中构建时,我在事件中收到以下错误:
Invalid parameter: Policy statement action out of service scope! (Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter
The policy statement may only include supported SNS policy actions :政策声明可能只包括支持的 SNS 政策行动:
actions: ['sns:Publish', 'sns:Subscribe'], // etc.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.