CloudFormation lifecycle events cannot publish to SNS
I am trying to create a lifecycle event for an Auto Scaling group in AWS CloudFormation, but when I deploy the stack I keep getting a very ambiguous error:
Unable to publish test message to notification target arn:aws:sns:us-east-1:000000000000:example-topic using IAM role arn:aws:iam::000000000000:role/SNSExample. Please check your target and role configuration and try to put lifecycle hook again.
I have tested the SNS topic and it sends email fine, and my code seems to match what Amazon recommends:

    "ASGLifecycleEvent": {
        "Type": "AWS::AutoScaling::LifecycleHook",
        "Properties": {
            "AutoScalingGroupName": "ASG-179ZOVNY8SEFT",
            "LifecycleTransition": "autoscaling:EC2_INSTANCE_LAUNCHING",
            "NotificationTargetARN": "arn:aws:sns:us-east-1:000000000000:example-topic",
            "RoleARN": "arn:aws:iam::000000000000:role/SNSExample"
        },
        "Metadata": {
            "AWS::CloudFormation::Designer": {
                "id": "83129091-8efc-477d-86ef-9a08de4d6fac"
            }
        }
    }
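
And I have granted full access to everything in that IAM role, but I still get this error message. Does anyone have any other ideas about what might really be causing this error?
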
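Your SNSExample role needs to delegate permissions from the AutoScalingNotificationAccessRole managed policy to the autoscaling.amazonaws.com service via an associated trust policy (the AssumeRolePolicyDocument property in the CloudFormation resource):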

    SNSExample:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Statement:
          - Effect: Allow
            Principal:
              Service: [autoscaling.amazonaws.com]
            Action: ['sts:AssumeRole']
        Path: /
        ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole

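(You could also delegate access to the sns:Publish action instead of using the managed policy, but I recommend the managed policy because it will stay up to date if this service requires additional permissions in the future.)

For more information, see the "Receiving notifications using Amazon SNS" part of the "Auto Scaling lifecycle hooks" section of the Auto Scaling User Guide.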
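
The check the answer describes, as an added example that is not part of the original post or any AWS tooling: an offline lint over a role's CloudFormation properties that reports when the trust policy does not name autoscaling.amazonaws.com or when nothing grants sns:Publish. The function names and the BROAD_ROLE sample are constructed for illustration, and Condition and Deny elements are not evaluated.

```python
from fnmatch import fnmatchcase

ASG_SERVICE = "autoscaling.amazonaws.com"
NOTIFY_POLICY = "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole"

def as_list(value):
    """IAM accepts a bare string wherever it accepts a list."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def allows(stmt, action):
    """True if an Allow statement names `action` (case-insensitive, wildcards ok)."""
    return stmt.get("Effect") == "Allow" and any(
        fnmatchcase(action.lower(), str(p).lower()) for p in as_list(stmt.get("Action")))

def service_can_assume(trust_doc, service=ASG_SERVICE):
    """Does the trust policy let `service` call sts:AssumeRole on the role?"""
    for stmt in as_list((trust_doc or {}).get("Statement")):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if service in services and allows(stmt, "sts:AssumeRole"):
            return True
    return False

def lint_hook_role(props):
    """Findings for an AWS::IAM::Role used as a lifecycle hook RoleARN."""
    # Assumption: Condition blocks and explicit Deny statements are ignored.
    findings = []
    if not service_can_assume(props.get("AssumeRolePolicyDocument")):
        findings.append("trust policy does not let %s assume the role" % ASG_SERVICE)
    inline = [s for p in as_list(props.get("Policies"))
              for s in as_list(p.get("PolicyDocument", {}).get("Statement"))]
    if NOTIFY_POLICY not in as_list(props.get("ManagedPolicyArns")) and not any(
            allows(s, "sns:Publish") for s in inline):
        findings.append("no managed or inline policy grants sns:Publish")
    return findings

# Constructed sample: broad permissions, but a trust policy for another service.
BROAD_ROLE = {
    "AssumeRolePolicyDocument": {"Statement": [{
        "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole"}]},
    "Policies": [{"PolicyName": "everything", "PolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}
# The role from the answer above, as the dict a YAML parser would produce.
ANSWER_ROLE = {
    "AssumeRolePolicyDocument": {"Statement": [{
        "Effect": "Allow", "Principal": {"Service": [ASG_SERVICE]},
        "Action": ["sts:AssumeRole"]}]},
    "Path": "/", "ManagedPolicyArns": [NOTIFY_POLICY]}
```

Calling lint_hook_role(BROAD_ROLE) returns only the trust-policy finding: permissions attached to a role do not help if Auto Scaling is not allowed to assume it.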