如何解决启用AWS KMS的SQS无法获取AWS SNS消息
我正在尝试在SNS(AccountA)和启用KMS的SQS(AccountB)之间进行跨帐户集成。 以下是SQS和SNS的配置 在SNS(帐户A)中,添加了以下配置:
{
"Version": "2008-10-17","Id": "__default_policy_ID","Statement": [
{
"Sid": "__default_statement_ID","Effect": "Allow","Principal": {
"AWS": "*"
},"Action": [
"SNS:Publish","SNS:RemovePermission","SNS:SetTopicAttributes","SNS:DeleteTopic","SNS:ListSubscriptionsByTopic","SNS:GetTopicAttributes","SNS:Receive","SNS:AddPermission","SNS:Subscribe"
],"Resource": "arn:aws:sns:us-west-2:AccountA:test-SNS","Condition": {
"StringEquals": {
"AWS:SourceOwner": "AccountA"
}
}
},{
"Sid": "__console_sub_0","Principal": {
"AWS": "arn:aws:iam::637477570661:root"
},"Action": [
"SNS:Subscribe","SNS:Receive"
],"Resource": "arn:aws:sns:us-west-2:AccountA:test-SNS"
}
]
}
以下是SQS的配置,该配置已在帐户B中启用了KMS:
{
"Version": "2008-10-17","Statement": [
{
"Sid": "Stmt1599823980845","Principal": {
"Service": "sns.amazonaws.com"
},"Action": "sqs:*","Resource": "arn:aws:sqs:us-west-2:AccountB:test-SQS","Condition": {
"ArnEquals": {
"aws:SourceArn": "arn:aws:sns:us-west-2:AccountA:test-SNS"
}
}
},{
"Sid": "__owner_statement","Principal": {
"AWS": "arn:aws:iam::AccountB:root"
},"Action": "SQS:*","Resource": "arn:aws:sqs:us-west-2:AccountB:test-SQS"
},{
"Sid": "__receiver_statement","Principal": {
"AWS": "arn:aws:iam::AccountA:root"
},"Action": [
"SQS:ChangeMessageVisibility","SQS:DeleteMessage","SQS:ReceiveMessage"
],{
"Sid": "__receiver_statement_from_lambda","SQS:SendMessage","Resource": "arn:aws:sqs:us-west-2:AccountB:test-SQS"
}
]
}
问题是当我在SQS中启用CMK时,则消息未在SQS端接收。请指导。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。