amazon-web-services - 创建向 SNS 主题发送通知的 S3 存储桶

标签 amazon-web-services amazon-s3 aws-cloudformation amazon-sns

我正在尝试创建一个 s3 存储桶,每次在 s3 存储桶中删除对象时,该存储桶都会向 SNS 主题发送通知。我的 S3 存储桶名为 foo-bucket,我的 SNS 主题名为 foo-topic。我知道如何在 aws 控制台中进行设置,但在尝试通过 cloudformation 执行此操作时遇到了麻烦。

这是我目前拥有的代码

Resources:
  SNSTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: foo-topic
  SNSTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      PolicyDocument:
        Id: MyTopicPolicy
        Version: '2012-10-17'
        Statement:
        - Sid: Statement-id
          Effect: Allow
          Principal:
            Service: s3.amazonaws.com
          Action: sns:Publish
          Resource:
            Ref: SNSTopic
          Condition:
            ArnLike:
              aws:SourceArn:
                Fn::Join:
                - ''
                - - 'arn:aws:s3:::'
                  - Ref: S3Bucket
      Topics:
      - Ref: SNSTopic
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: foo-bucket 
      AccessControl: BucketOwnerFullControl
      NotificationConfiguration:
        TopicConfigurations:
        - Topic:
            Ref: SNSTopic
          Event: s3:ObjectCreated:Put

由于以下错误,我尝试部署上述内容并 cfn 回滚

Unable to validate the following destination configurations (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument; Request ID: fooooo; S3 Extended Request ID: foooid; Proxy: null)

最佳答案

我有一个example cloudformation创建存储桶、sns 主题和通知配置。正如已经提到的,您需要确保正确的依赖顺序。

通知配置不会检查资源是否存在,因此我们需要使用DependsOn属性来执行此操作

创建 SNS 主题策略时,请注意潜在的循环引用。我将存储桶名称定义为字符串,而不是引用。它允许在存储桶的通知配置之前使用其策略创建 SNS。

  IngestionBucketDev:
    Type: AWS::S3::Bucket
    DependsOn:
     - IngestionTopicDev
     - IngestionTopicPolicy
    Properties: 
      BucketName: "ingestion-codebucket-7832df8b-dev"
      NotificationConfiguration:
        TopicConfigurations:
         -  Topic: !Ref IngestionTopicDev
            Event: 's3:ObjectCreated:*'
            Filter:
              S3Key:
                Rules:
                 - Name: suffix
                   Value: ".json"
      PublicAccessBlockConfiguration:
        RestrictPublicBuckets: true
        BlockPublicPolicy: true
           
               
  IngestionTopicDev:
    Type: AWS::SNS::Topic
    Properties: 
      TopicName: "elearn-ingest-topic"
      DisplayName: "elearn-ingest-topic"
      
  IngestionTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties: 
      Topics:
       - !Ref IngestionTopicDev
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Action:
              - 'sns:Publish'
            Effect: Allow
            Resource: !Ref IngestionTopicDev
            Principal: 
              Service: "s3.amazonaws.com"
            Condition:
              ArnEquals:
               "aws:SourceArn": "arn:aws:s3:::ingestion-codebucket-7832df8a-dev"

关于amazon-web-services - 创建向 SNS 主题发送通知的 S3 存储桶,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/70309043/

上一篇:amazon-web-services - 无法在现有 S3 存储桶中放置通知事件来触发 CloudFormation Lambda

下一篇:amazon-web-services - docker pull <image> 无法在 cloudformation UserData 标签中工作

相关文章:

ruby-on-rails - Elastic Beanstalk 上的 Nokogiri 安装失败

amazon-web-services - AWS CloudWatch 指标直接到 S3

amazon-web-services - 如何将ELB面向公众、私有(private)?

amazon-web-services - 在多个区域启动 AWS 云信息堆栈

amazon-web-services - 自动从 DynamoDB 表和 S3 中删除数据

amazon-web-services - 调用 UpdateService 操作时的 AWS ECS InvalidParameterExcpetion

amazon-web-services - 创建预签名 url 时出现紧急错误

hadoop - 从HDFS复制到S3时使用GroupBy合并文件夹中的文件

amazon-s3 - Amazon S3 存储桶命名约定导致与证书冲突

ansible - 无法使用自动 powershell 脚本加入域 - "unable to update password"

©2024 IT工具网  联系我们