Ker*_*mos 3 amazon-web-services amazon-sns aws-lambda
为什么我无法在 AmazonIpSpaceChanged 上订阅 SNS?请检查,我需要你的指导。
我基本上遵循的指南是如何使用AWS 安全博客中的AWS Lambda 自动更新 Amazon CloudFront 和 AWS WAF 的安全组。
这是终端的输出:
? 终端 $ cat ~/.aws/config [默认] 区域 = ap-southeast-1 ? 终端 $ aws sns subscribe --topic-arn arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged --protocol lambda --notification-endpoint arn:aws:lambda:ap-southeast-1:accountid_removed:function: cloudfront-安全组-控制器 调用订阅操作时发生错误 (InvalidParameter):无效参数:TopicArn ? 终端 $ AWS_REGION=ap-southeast-1 aws sns subscribe --topic-arn arn:aws:sns:ap-southeast-1:806199016981:AmazonIpSpaceChanged --protocol lambda --notification-endpoint arn:aws:lambda:ap-southeast -1:accountid_removed:function:cloudfront-securitygroup-controller 调用订阅操作时发生错误(AuthorizationError):用户:arn:aws:iam::accountid_removed:user/removed@gmail.com is not authorized to perform: SNS:Subscribe on resource: arn:aws:sns:ap-东南-1:806199016981:AmazonIpSpaceChanged
这也是通过 AWS Web 控制台完成时的输出:
User: arn:aws:iam::accountid_removed:user/removed@gmail.com is not authorized to perform: SNS:Subscribe on resource: arn:aws:sns:ap-southeast-1:806199016981:AmazonIpSpaceChanged (Service: AmazonSNS; Status Code: 403; Error Code: AuthorizationError; Request ID: 0e87384a-e298-569e-bf2d-6a5718eedc40)
该错误是因为您的 API 调用必须us-east-1针对 Amazon SNS 主题所在的区域。
$ aws sns subscribe --topic-arn arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged --protocol email --notification-endpoint xyzzy@mailinator.com --region us-east-1
{
"SubscriptionArn": "pending confirmation"
}
在不同区域订阅 AWS Lambda 函数似乎也有效(或者,至少没有返回错误):
aws sns subscribe --topic-arn arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged --protocol lambda --notification-endpoint arn:aws:lambda:ap-southeast-2:123456789012:foo --region us-east-1
{
"SubscriptionArn": "arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged:37dab281-1e8f-16ba-8e4a-ef9de429101b"
}