Sim*_*onH 4 amazon-s3 amazon-sqs amazon-web-services aws-cloudformation
我正在尝试为SQS队列创建一个策略,该策略将允许任何S3存储桶将事件发送到该队列。我似乎无法针对特定的S3队列执行此操作,因为我最终遇到了循环依赖。
我创建了一个cloudformation模板,该模板将创建队列和策略,但是当我尝试手动设置S3存储桶以发送事件时,我收到一条消息,说
目标队列上的权限不允许S3从该存储桶发布通知
我用来创建策略的模板部分是:
"SQSNotifcationFromS3" : {
"Type" : "AWS::SQS::QueuePolicy",
"DependsOn" : "S3Notifications",
"Properties" : {
"PolicyDocument" : {
"Version": "2012-10-17",
"Id": "SQSIDsimon",
"Statement": [
{
"Sid": "example-statement-ID",
"Effect": "Allow",
"Principal": {
"Service": "s3.amazonaws.com"
},
"Action": "SQS:*",
"Resource": { "Ref" : "S3Notifications"}
}
]
},
"Queues" : [ { "Ref" : "S3Queue" } ]
}
}
最后,我找到了一个解决方案-我在SQS上设置了权限,以便任何S3存储桶都可以将事件添加到队列中:
"S3EventQueuePolicy" : {
"Type" : "AWS::SQS::QueuePolicy",
"DependsOn" : [ "S3EventQueue" ],
"Properties" : {
"PolicyDocument" : {
"Id": "SQSPolicy",
"Statement": [
{
"Sid": "SQSEventPolicy",
"Effect": "Allow",
"Principal": "*",
"Action": "SQS:*",
"Resource": "*",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:s3:::*"
}
}
}
]
},
"Queues" : [ { "Ref" : "S3EventQueue"} ]
}
},
| 归档时间: |
|
| 查看次数: |
2807 次 |
| 最近记录: |