Amazon AWS SQS - 將 QueuePolicy 應用於現有隊列
[英]Amazon AWS SQS - Apply QueuePolicy to existing Queue
問題描述
如果我通過 Cloudformation 創建一個 SQS 隊列,您能否在創建 SQS 隊列后附加第二個 QueuePolicy?
如果我確實運行以下配置:
Resources:
SQSQueue:
Properties:
QueueName: !Ref SQSQueuename
Type: 'AWS::SQS::Queue'
QueuePolicy:
Type: 'AWS::SQS::QueuePolicy'
Properties:
PolicyDocument:
Id: !Ref SQSQueuename
Statement:
- Sid: QueuePolicy2-SendMessage-To-Queue-From-SNS-Topic
Effect: Allow
Principal:
AWS: !Ref AccountID
Action:
- 'sqs:*'
Resource: 'arn:aws:sqs:eu-central-1:123456789010:${SQSQueuename}'
Queues:
- !Ref SQSQueue
DependsOn:
- SQSQueue
我可以創建另一個附加到創建的隊列的 QueuePolicy 嗎? 我將如何附加它? 通過 ARN?
Resources:
SecondQueuePolicy:
Type: 'AWS::SQS::QueuePolicy'
Properties:
PolicyDocument:
Id: !Ref SQSQueuename
Statement:
- Sid: QueuePolicy2-SendMessage-To-Queue-From-SNS-Topic
Effect: Allow
Principal:
AWS: !Ref AccountID
Action:
- 'sqs:*'
Resource: 'arn:aws:sqs:eu-central-1:123456789010:${SQSQueuename}'
Queues:
- !Ref SQSQueue <-- how do i ref to the Queue ?
DependsOn:
- SQSQueue
1 個解決方案
解決方案1
5 已采納 2017-10-10 15:32:56
在您的第一個模板中,確保導出隊列 URL 和名稱:
Outputs:
QueueURL:
Value: !Ref SQSQueue
Export:
Name: ExampleStack-QueueURL
QueueName:
Value: !GetAtt SQSQueue.QueueName
Export:
Name: ExampleStack-QueueName
在第二個模板中導入新導出的值(不需要 DependsOn):
SecondQueuePolicy:
Type: 'AWS::SQS::QueuePolicy'
Properties:
PolicyDocument:
Id: !Ref SQSQueuename
Statement:
- Sid: QueuePolicy2-SendMessage-To-Queue-From-SNS-Topic
Effect: Allow
Principal:
AWS: !Ref AccountID
Action:
- 'sqs:*'
Resource:
Fn::Sub:
- 'arn:aws:sqs:eu-central-1:123456789010:${QueueName}'
- QueueName:
Fn::ImportValue: ExampleStack-QueueName
Queues:
- Fn::ImportValue: ExampleStack-QueueURL
如何從另一個模板向現有 SQS QueuePolicy 添加新語句?
[英]How to add a new statement to an existing SQS QueuePolicy from another template?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.