AWS: Forwarding EventBridge events to an encrypted SQS queue (Amazon managed key)

flo*_*nkt 7 amazon-sqs amazon-web-services aws-event-bridge

I have an event bus and created an event rule that forwards events to an SQS queue. I have now enabled encryption on the queue using the default Amazon managed key (alias/aws/sqs).

Since enabling encryption, events are no longer forwarded. Looking through the AWS documentation, I could only find information about encryption with a CMK, nothing about the Amazon managed key.

I guess this is a permissions problem, but I am not sure. Here are my event rule and access policy:

```yaml
  queueCreateInvoiceEvent:
    Type: AWS::Events::Rule
    DependsOn: [myQueue]
    Properties:
      Description: Forward INVOICE_CREATED event to SQS queue
      EventBusName: ${self:custom.eventBus.name}
      EventPattern: { "detail-type": ["INVOICE_CREATED"] }
      Name: ${self:service.name}-${self:provider.stage}-buffer-invoice-created-event
      State: ENABLED
      Targets:
        - Id: myQueue
          Arn:
            Fn::GetAtt: [myQueue, Arn]

  createReceiptQueueAccessPolicy:
    Type: AWS::SQS::QueuePolicy
    DependsOn: [queueCreateInvoiceEvent, myQueue]
    Properties:
      Queues:
        - { Ref: createReceiptQueue }
      PolicyDocument:
        Id: EventBridgeSqsAccessPolicy
        Version: "2012-10-17"
        Statement:
          - Sid: Allow-User-SendMessage
            Effect: Allow
            Principal:
              Service: "events.amazonaws.com"
            Action:
              - sqs:SendMessage
            Resource:
              - Fn::GetAtt: ["myQueue", "Arn"]
            Condition:
              ArnEquals:
                aws:SourceArn:
                  - Fn::GetAtt: ["queueCreateInvoiceEvent", "Arn"]
```

小智 8

According to the EventBridge troubleshooting page, your KMS key policy needs to allow EventBridge to use the key:

```json
{
    "Sid": "Allow EventBridge to use the key",
    "Effect": "Allow",
    "Principal": {
        "Service": "events.amazonaws.com"
    },
    "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
    ],
    "Resource": "*"
}
```

  • It makes no sense to me why EventBridge needs `kms:Decrypt`, since all it has to do is encrypt the message and put it on the queue. But yes, in my testing `kms:Decrypt` really does matter here. (2 upvotes)
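An added check, not from the question or the answer, that reads a KMS key policy document and reports which of the two actions the answer names are not granted to `events.amazonaws.com`; since the policy of the AWS managed key `alias/aws/sqs` cannot be edited, such a statement can only be added to a customer managed key. The sample policies below are constructed and the account id `111122223333` is a placeholder.

```python
import fnmatch
import json

EVENTBRIDGE = "events.amazonaws.com"
# Actions the answer says an SSE-KMS SQS queue needs EventBridge to hold on the key
REQUIRED_ACTIONS = ("kms:Decrypt", "kms:GenerateDataKey")


def _as_list(value):
    return value if isinstance(value, list) else ([] if value is None else [value])

def _principal_includes_eventbridge(principal):
    # "*" or {"AWS": "*"} covers every caller; otherwise look for the service principal
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return principal.get("AWS") == "*" or EVENTBRIDGE in _as_list(principal.get("Service"))
    return False

def _covered(action, patterns):
    # IAM action names match case-insensitively and may carry '*' (e.g. kms:GenerateDataKey*)
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_eventbridge_permissions(key_policy_json):
    """Return the required actions that the key policy does not grant to EventBridge.
    Conservative: statements with Condition, NotAction or NotPrincipal are skipped, so only
    explicit unconditional grants count; a matching explicit Deny overrides any Allow."""
    allowed, denied = set(), set()
    for stmt in _as_list(json.loads(key_policy_json).get("Statement")):
        if any(k in stmt for k in ("Condition", "NotAction", "NotPrincipal")):
            continue
        if not _principal_includes_eventbridge(stmt.get("Principal")):
            continue
        hits = {a for a in REQUIRED_ACTIONS if _covered(a, _as_list(stmt.get("Action")))}
        (allowed if stmt.get("Effect") == "Allow" else denied).update(hits)
    return [a for a in REQUIRED_ACTIONS if a not in allowed or a in denied]


# Constructed sample: a default key policy grants only the account root (placeholder id) access
DEFAULT_KEY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "kms:*", "Resource": "*"}]})

# Constructed sample: the same policy with the statement from the answer appended
FIXED_KEY_POLICY = json.dumps({"Version": "2012-10-17", "Statement":
    json.loads(DEFAULT_KEY_POLICY)["Statement"] + [
    {"Sid": "Allow EventBridge to use the key", "Effect": "Allow",
     "Principal": {"Service": EVENTBRIDGE},
     "Action": ["kms:Decrypt", "kms:GenerateDataKey"], "Resource": "*"}]})
```

`missing_eventbridge_permissions(DEFAULT_KEY_POLICY)` returns both actions, while on `FIXED_KEY_POLICY` it returns an empty list; run it against the output of `aws kms get-key-policy` for the key the queue uses.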