
AWS SNS edit topic policy - C#

I have an SNS service, and I'm looking for the way to create this part of the policy using the C# SDK:

{
  "Sid": "__console_sub_0",
  "Effect": "Allow",
  "Principal": {
    "AWS": "*"
  },
  "Action": [
    "SNS:Subscribe",
    "SNS:Receive"
  ],
  "Resource": "arn:aws:sns:MYARN"
}

This is what I see when I set it from the browser console for "Allow these users to publish messages to this topic" and "Allow these users to subscribe to this topic". For now it should be open to all.

What I've tried so far:

1)

    using Amazon.Auth.AccessControlPolicy;
    using Amazon.SimpleNotificationService.Model;

    // Policy object built with Amazon.Auth.AccessControlPolicy. Note that it is
    // never serialised into the request below: AttributeValue is a literal string.
    Policy snsPolicy = new Policy().WithStatements(
        new Amazon.Auth.AccessControlPolicy.Statement(Amazon.Auth.AccessControlPolicy.Statement.StatementEffect.Allow)
            .WithPrincipals(Principal.AllUsers)
            .WithResources(new Resource("arn:aws:sns:MYARN")));

    SetTopicAttributesRequest setTopicAttributesRequest = new SetTopicAttributesRequest();
    setTopicAttributesRequest.TopicArn = "arn:aws:sns:MYARN";
    setTopicAttributesRequest.AttributeName = "Policy";
    setTopicAttributesRequest.AttributeValue = "test val";

Result:

Invalid parameter: Policy Error: null

2)

    using System.Collections.Generic;
    using Amazon.SimpleNotificationService;

    AmazonSimpleNotificationServiceClient snsClient = new AmazonSimpleNotificationServiceClient(bucketRegion);
    snsClient.AuthorizeS3ToPublish("arn:aws:sns:MYARN", "MYBUCKET");

    // AddPermission takes a list of AWS account IDs and a list of action names.
    // The action names here carry the "SNS:" prefix, as in the console-generated policy.
    List<string> tl = new List<string>();
    tl.Add("*");
    List<string> tl2 = new List<string>();
    tl2.Add("SNS:Subscribe");
    tl2.Add("SNS:Receive");
    Amazon.SimpleNotificationService.Model.AddPermissionResponse permissionResponse =
        snsClient.AddPermission("arn:aws:sns:MYARN", "SubscribePolicy", tl, tl2);

Result:

Invalid parameter: Policy statement action out of service scope!

In both cases, I'm not even sure these are the right commands for it. Can anyone set me on the right path?

Thank you

EDIT

I've created a statement and added it to a policy as suggested, and used it for SetTopicAttributesRequest:

    using Amazon.Auth.AccessControlPolicy;
    using Amazon.SimpleNotificationService;
    using Amazon.SimpleNotificationService.Model;

    AmazonSimpleNotificationServiceClient snsClient = new AmazonSimpleNotificationServiceClient(bucketRegion);

    // Wrap the previously built statement in a Policy and serialise it to JSON.
    Policy snsPolicy = new Policy();
    snsPolicy.Id = "test_id";
    snsPolicy.Statements.Add(statement);

    SetTopicAttributesRequest setTopicAttributesRequest = new SetTopicAttributesRequest();
    setTopicAttributesRequest.TopicArn = "arn:aws:sns:MYARN";
    setTopicAttributesRequest.AttributeName = "Policy";
    setTopicAttributesRequest.AttributeValue = snsPolicy.ToJson();
    snsClient.SetTopicAttributes(setTopicAttributesRequest);

But the error "Invalid parameter: Policy Error: null" is the same.

As per the AWS documentation, you should use the Policy object found in the Amazon.Auth.AccessControlPolicy namespace.

The following code creates the policy object. For this case, you need only one statement. It has a resource of bucket + username and the GET and PUT actions. As an added security measure, let's add a condition that locks the GET and PUT requests to the IP address of the desktop client.

using System.Collections.Generic;
using Amazon.Auth.AccessControlPolicy;
using Amazon.Auth.AccessControlPolicy.ActionIdentifiers;

public Policy GeneratePolicy(string bucket, string username, string ipAddress)
{
    var statement = new Statement(Statement.StatementEffect.Allow);

    // Allow access to the sub folder represented by the username in the bucket
    statement.Resources.Add(ResourceFactory.NewS3ObjectResource(bucket, username + "/*"));

    // Allow Get and Put object requests.
    statement.Actions = new List<ActionIdentifier>
        { S3ActionIdentifiers.GetObject, S3ActionIdentifiers.PutObject };

    // Lock the requests coming from the client machine.
    statement.Conditions.Add(ConditionFactory.NewIpAddressCondition(ipAddress));

    var policy = new Policy();
    policy.Statements.Add(statement);

    return policy;
}

Check this link for more information.
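The following is an added example, not code from the question, the answer or the AWS documentation. It builds the exact statement the question asks for (Sid "__console_sub_0", Principal "*", SNS:Subscribe and SNS:Receive on the topic) with the Amazon.Auth.AccessControlPolicy classes, merges it into the topic's existing policy fetched with GetTopicAttributes so the default statement AWS creates with the topic is not overwritten, and applies the resulting JSON with SetTopicAttributes. It assumes the AWS SDK for .NET v3 packages AWSSDK.Core and AWSSDK.SimpleNotificationService, a placeholder topic ARN and account ID, the us-east-1 region, and C# 8 or later. The optional `restrictToAccountId` parameter is this example's own addition: a Principal of "*" lets anyone who knows the topic ARN subscribe an endpoint they control and receive every message, so the tightened form limits subscribers to one account.

```csharp
// Added example (not from the original post or the AWS documentation).
// Builds the SNS topic policy statement from the question, merges it into the
// topic's current policy instead of replacing it, and applies it.
// Assumptions: AWSSDK.Core + AWSSDK.SimpleNotificationService v3, placeholder
// ARN/account ID, region us-east-1.
using System;
using System.Linq;
using System.Threading.Tasks;
using Amazon;
using Amazon.Auth.AccessControlPolicy;
using Amazon.SimpleNotificationService;
using Amazon.SimpleNotificationService.Model;

public static class SnsTopicPolicy
{
    // Builds the "__console_sub_0" statement. restrictToAccountId == null
    // reproduces the open Principal "*" from the question; an account ID
    // limits subscribers to that account.
    public static Statement BuildSubscribeStatement(string topicArn, string restrictToAccountId)
    {
        var statement = new Statement(Statement.StatementEffect.Allow)
        {
            Id = "__console_sub_0"   // serialised as "Sid"
        };

        // Principal: everyone ("AWS": "*") or a single AWS account.
        statement.Principals.Add(restrictToAccountId == null
            ? Principal.AllUsers
            : new Principal(restrictToAccountId));

        // String form of the actions, as they appear in the console-generated
        // policy; no SDK constant for these names is assumed.
        statement.Actions.Add(new ActionIdentifier("SNS:Subscribe"));
        statement.Actions.Add(new ActionIdentifier("SNS:Receive"));

        statement.Resources.Add(new Resource(topicArn));
        return statement;
    }

    // Merge the statement into the existing policy document so that the
    // statements already on the topic are preserved. A statement with the
    // same Sid is replaced rather than duplicated.
    public static Policy MergeIntoPolicy(string existingPolicyJson, Statement statement)
    {
        var policy = string.IsNullOrEmpty(existingPolicyJson)
            ? new Policy()
            : Policy.FromJson(existingPolicyJson);

        var previous = policy.Statements.FirstOrDefault(s => s.Id == statement.Id);
        if (previous != null)
        {
            policy.Statements.Remove(previous);
        }
        policy.Statements.Add(statement);
        return policy;
    }

    // Fetch the current policy, merge, and write it back. SetTopicAttributes
    // with AttributeName "Policy" replaces the whole document, which is why the
    // merge step exists.
    public static async Task ApplyAsync(IAmazonSimpleNotificationService sns, string topicArn, string restrictToAccountId)
    {
        var current = await sns.GetTopicAttributesAsync(new GetTopicAttributesRequest { TopicArn = topicArn });
        current.Attributes.TryGetValue("Policy", out var existingJson);

        var policy = MergeIntoPolicy(existingJson, BuildSubscribeStatement(topicArn, restrictToAccountId));

        await sns.SetTopicAttributesAsync(new SetTopicAttributesRequest
        {
            TopicArn = topicArn,
            AttributeName = "Policy",
            AttributeValue = policy.ToJson()   // the JSON document itself, not a placeholder string
        });
    }

    public static async Task Main()
    {
        const string topicArn = "arn:aws:sns:us-east-1:123456789012:MyTopic"; // placeholder ARN
        using var sns = new AmazonSimpleNotificationServiceClient(RegionEndpoint.USEast1);

        // Print the statement first so the JSON can be reviewed before it is applied.
        Console.WriteLine(MergeIntoPolicy(null, BuildSubscribeStatement(topicArn, null)).ToJson());

        // null = open to all, as the question requests; pass "123456789012"
        // (placeholder) to restrict subscriptions to that account instead.
        await ApplyAsync(sns, topicArn, restrictToAccountId: null);
    }
}
```

Two points worth checking before running this against a real topic: the printed JSON should contain the Sid, Effect, Principal, Action and Resource keys exactly as in the console-generated policy in the question, and the policy read back with GetTopicAttributes afterwards should still contain the topic's original statements alongside "__console_sub_0".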

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM