AWS SNS 主题子:死信队列(重新驱动策略)权限被拒绝
Blu*_*ell 3 amazon-sqs amazon-web-services dead-letter amazon-sns
我有一个 SNS 主题和订阅(实际上超过 1 个)设置来使用 SQS DLQ。然而,每个人都告诉我,我有一个政策错误。
我的 SNS 订阅设置了 DLQ:
我的队列存在:
我在 SQS 队列上设置了以下访问策略:
{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__owner_statement",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::1234:root"
},
"Action": "SQS:*",
"Resource": "arn:aws:sqs:eu-west-2:1234:AggregateMonitoringDeadLetterQueue"
},
{
"Effect": "Allow",
"Principal": {
"Service": "sns.amazonaws.com"
},
"Action": "SQS:SendMessage",
"Resource": "arn:aws:sqs:eu-west-2:1234:AggregateMonitoringDeadLetterQueue",
"Condition": {
"ArnLike": {
"aws:SourceArn": [
"arn:aws:sns:eu-west-2:1234:aggregator-state",
"arn:aws:sns:eu-west-2:1234:rank-state-publication",
"arn:aws:sns:eu-west-2:1234:rank-state-categorisation"
]
}
}
}
]
}
我还尝试在队列上采用真正通用的访问策略:
{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__owner_statement",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "SQS:*",
"Resource": "arn:aws:sqs:eu-west-2:1234:AggregateMonitoringDeadLetterQueue"
},
{
"Effect": "Allow",
"Principal": {
"Service": "sns.amazonaws.com"
},
"Action": "SQS:*",
"Resource": "arn:aws:sqs:eu-west-2:1234:AggregateMonitoringDeadLetterQueue",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sns:eu-west-2:1234:*"
}
}
}
]
}
我正在关注这个:https://docs.aws.amazon.com/sns/latest/dg/sns-configure-dead-letter-queue.html(第5步解释了设置策略)
其他参考: https: //docs.aws.amazon.com/sns/latest/dg/sns-dead-letter-queues.html
我一定做错了什么,或者错过了什么?我无法摆脱这个错误。
小智 5
请参阅此答案,其中指出尽管有错误消息,失败的消息仍会正确发送到 DLQ。
从我这边来看,我可以确认我在 DLQ 中收到了那些失败的消息,其配置与您的类似(通过遵循同一个文档https://docs.aws.amazon.com/sns/latest/dg/sns-configure-dead -letter-queue.html)。
| 归档时间: |
|
| 查看次数: |
4782 次 |
| 最近记录: |