堆栈内存溢出
  简体   繁体   English

使用CDK,SNS主题Policy Statement,使用actions:["sns:*"],Cloudformation导致“Policy statement action out of service scope!”

[英]Using CDK, SNS topic Policy Statement, use actions: ["sns:*"], Cloudformation results in "Policy statement action out of service scope!"

 原文  2022-04-28 18:37:14       typescript/ amazon-web-services/ amazon-sns/ aws-cdk

问题描述

Unable to refer to all SNS actions with the * in CDK.无法在 CDK 中引用带有 * 的所有 SNS 操作。

 const MyTopicPolicy = new sns.TopicPolicy(this, 'MyTopicSNSPolicy', {
        topics: [MyTopic],
            }); 
            
            MyTopicPolicy.document.addStatements(new iam.PolicyStatement({
              sid: "0",
              actions: ["sns:*"],
              principals: [new iam.AnyPrincipal()]
              resources: [MyTopic.topicArn],
              conditions: {"StringEquals": {"AWS:SourceOwner":"1212121212"}},
            }));

When I do the cdk synth, I get the following snippet in my template:当我执行 cdk synth 时,我在模板中得到以下片段:

 "MyTopicSNSPolicyE244CE5D": {
   "Type": "AWS::SNS::TopicPolicy",
   "Properties": {
    "PolicyDocument": {
     "Statement": [
      {
       "Action": "SNS:*",
       "Condition": {
        "StringEquals": {
         "AWS:SourceOwner": "1212121212"
        }
       },
       "Effect": "Allow",
       "Principal": {
        "AWS": "*"
       },
       "Resource": {
        "Ref": "MyTopic62D646CB"
       },
       "Sid": "0"
      }
     ],

....which looks good. ....看起来不错。 But then when I build in cloudformation, I get the following error in the Events:但是当我在 cloudformation 中构建时,我在事件中收到以下错误:

Invalid parameter: Policy statement action out of service scope! (Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter

1 个解决方案

解决方案1
 2  2022-04-29 09:38:29

The policy statement may only include supported SNS policy actions :政策声明可能只包括支持的 SNS 政策行动

actions: ['sns:Publish', 'sns:Subscribe'], // etc.

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS SNS 主题策略 Cloudformation - AWS SNS Topic Policy Cloudformation 如何使用过滤策略从 SNS 主题中排除 cloudwatch 警报? - How to exclude cloudwatch alarns from SNS topic using filter policy? 使用访问策略访问加密的 SNS 主题 - Accessing an Encrypted SNS Topic with Access policy boto3 SNS:订阅主题时添加过滤策略 - boto3 SNS: Add a filter policy while subscribing to a topic AWS CloudFormation中如何使用email动态列表订阅SNS主题? - How to use email dynamic list to SNS Topic Subscription in AWS CloudFormation? 使用 CDK 授予对 SNS 主题订阅上的死信队列的权限 - Using CDK to grant permissions to Dead Letter Queue on SNS Topic Subscription 修改检查器的访问策略 SNS - modify the Access policy SNS for inpector CloudFormation 声称 KMS 策略声明主体无效 - CloudFormation claims KMS policy statement principals are invalid AWS SNS:多个 SourceOwner 的不同策略 - AWS SNS: Different policy for multiple SourceOwner AWS Video Rekognition 未将结果发布到 SNS 主题 - AWS Video Rekognition is not publishing results to SNS Topic
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM