New to Terraform!

I am trying to send messages from two SNS topics, SNSA and SNSB, to Amazon SQS. When I run `plz plan` locally everything is fine, and then I try to deploy through JENKINS, which gives me an error:

```text
Error: error creating SNS topic subscription: AuthorizationError: User: arn:aws:sts::325400131687:assumed-role/JENKINSDEPLOY/ is not authorized to perform:
SNS:Subscribe on resource: arn:aws:sns:us-east-1:453101592424:snsb
```

Interestingly, SNSA does not have this problem; I get an output saying `aws_sns_topic_subscription.snsa: Creation complete after 1s`.

I gave both SNS topics the same permissions, and my two cents is that it is the Roles/Perms permissions I think I messed up! Because when I tried reordering the SNS topics in my MsgPerm.yml (putting SNSB first, then SNSA), this time SNSB was created and SNSA got the same error.

Any suggestions or comments related to this issue would be greatly appreciated, thanks.

My roles and permissions are set up as follows:
MsgPerm.yml

```yaml
---
statements:
  -
    effect: "Allow"
    actions:
      - "sqs:AddPermission"
      - "sqs:CreateQueue"
      - "sqs:DeleteQueue"
      - "sqs:Get*"
      - "sqs:List*"
      - "sqs:PurgeQueue"
      - "sqs:RemovePermission"
      - "sqs:SetQueueAttributes"
      - "sqs:TagQueue"
      - "sqs:UnTagQueue"
    resources:
      - !Sub "arn:aws:sqs:${AWS::Region}:${AWS::AccountId}:myproject*"
  -
    effect: "Allow"
    actions:
      - "sqs:SendMessage"
      - "sqs:SendMessageBatch"
      - "sqs:ReceiveMessage"
      - "sqs:DeleteMessage"
      - "sqs:DeleteMessageBatch"
      - "sqs:DeleteQueue"
      - "sqs:CreateQueue"
      - "sqs:AddPermission"
      - "sqs:PurgeQueue"
      - "sqs:RemovePermission"
      - "sqs:TagQueue"
      - "sqs:UntagQueue"
      - "sqs:Set*"
      - "sqs:Get*"
      - "sqs:List*"
    resources:
      - !Sub "arn:aws:sqs:${AWS::Region}:${AWS::AccountId}:myproject*"
      - "arn:aws:sns:us-east-1:453101592424:snsa"
      - "arn:aws:sns:us-east-1:453101592424:snsb"
  -
    effect: "Allow"
    actions:
      - "sns:CreateTopic"
      - "sns:DeleteTopic"
      - "sns:Subscribe"
      - "sns:Unsubscribe"
      - "sns:AddPermission"
      - "sns:RemovePermission"
      - "sns:Receive"
      - "sns:Publish"
      - "sns:TagResource"
      - "sns:UntagResource"
      - "sns:Set*"
      - "sns:Get*"
      - "sns:List*"
    resources:
      - !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:PREFIX*"
      - "arn:aws:sns:us-east-1:453101592424:snsa"
      - "arn:aws:sns:us-east-1:453101592424:snsb"
```
JENKINSDEPLOY.yml

```yaml
---
managedPolicyArns:
  -
    name: Enterprise/GoldenVPCRequirements
    cignamanaged: true
  -
    name: AmazonAPIGatewayAdministrator
    awsmanaged: true
  -
    name: MsgPerm
    awsmanaged: false
  -
    name: SecurityPerm
    awsmanaged: false
federated: true
```
And finally my sns.tf file:

```hcl
resource "aws_sns_topic_subscription" "snsa" {
  topic_arn = "arn:aws:sns:${var.datastore_account_region}:${var.datastore_account_id}:${var.sns_topic_snsa}"
  protocol  = "sqs"
  endpoint  = aws_sqs_queue.incoming.arn
  depends_on = [
    aws_sqs_queue.incoming
  ]
}

resource "aws_sns_topic_subscription" "snsb" {
  topic_arn = "arn:aws:sns:${var.datastore_account_region}:${var.datastore_account_id}:${var.sns_topic_snsb}"
  protocol  = "sqs"
  endpoint  = aws_sqs_queue.incoming.arn
  depends_on = [
    aws_sqs_queue.incoming
  ]
}
```
Your error message reads:

`arn:aws:sns:us-east-1:453101592424:SNSB`

but your policy uses (a different case, `snsb`):

`arn:aws:sns:us-east-1:453101592424:snsb`

Topic names are case sensitive.
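As an added example (not part of the question or the answer), a small Python model of how IAM matches a statement against a request: the Action element is compared case-insensitively, but the Resource ARN is compared case-sensitively, so the Jenkins role's statement for `snsb` does not cover a topic named `SNSB`. The statement list is a hand-resolved copy of the `sns:` statement from `MsgPerm.yml`, assuming `${AWS::Region}` resolves to `us-east-1` and `${AWS::AccountId}` to `325400131687`; the function names are my own.

```python
from fnmatch import fnmatchcase

# Hand-resolved copy of the "sns:" statement from MsgPerm.yml in the question.
# Assumption: ${AWS::Region} = us-east-1 and ${AWS::AccountId} = 325400131687.
MSGPERM_SNS_STATEMENTS = [
    {
        "effect": "Allow",
        "actions": [
            "sns:CreateTopic", "sns:DeleteTopic", "sns:Subscribe", "sns:Unsubscribe",
            "sns:AddPermission", "sns:RemovePermission", "sns:Receive", "sns:Publish",
            "sns:TagResource", "sns:UntagResource", "sns:Set*", "sns:Get*", "sns:List*",
        ],
        "resources": [
            "arn:aws:sns:us-east-1:325400131687:PREFIX*",
            "arn:aws:sns:us-east-1:453101592424:snsa",
            "arn:aws:sns:us-east-1:453101592424:snsb",
        ],
    }
]

def action_matches(pattern: str, action: str) -> bool:
    # IAM compares Action values case-insensitively: "SNS:Subscribe" == "sns:Subscribe".
    return fnmatchcase(action.lower(), pattern.lower())

def resource_matches(pattern: str, arn: str) -> bool:
    # Resource ARNs are compared case-sensitively ('*' and '?' are the only wildcards),
    # so a statement written for ...:snsb does not cover ...:SNSB.
    return fnmatchcase(arn, pattern)

def is_allowed(statements, action: str, arn: str) -> bool:
    """True if at least one Allow statement covers both the action and the ARN."""
    for stmt in statements:
        if stmt.get("effect") != "Allow":
            continue
        if any(action_matches(p, action) for p in stmt["actions"]) and any(
            resource_matches(p, arn) for p in stmt["resources"]
        ):
            return True
    return False

def case_only_mismatch(statements, arn: str):
    """Return the policy resource that would match `arn` if case were ignored, else None.

    A non-None result is the diagnosis from the answer above: the ARN in the
    AuthorizationError differs from the policy only by letter case.
    """
    for stmt in statements:
        for pattern in stmt["resources"]:
            if fnmatchcase(arn.lower(), pattern.lower()) and not fnmatchcase(arn, pattern):
                return pattern
    return None
```

This models only the identity-side policy attached to the Jenkins role; for a topic owned by another account (453101592424 here) the topic's own access policy must additionally allow the subscribing role, which is not shown on this page.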