只要我的 RDS 实例的可用存储空间小于阈值(例如 2GB),我希望收到一封通知电子邮件。
由于上述原因,我从 AWS 控制台创建了一个警报来监控 FreeStorageSpace 指标。
现在我想将此警报片段放入我现有的 Cloudformation 模板中,以将此警报链接到我现有的 RDS 实例。我需要为 RDS 创建任何类型的 IAM 角色吗?
Type: AWS::CloudWatch::Alarm
Properties:
AlarmName: RDS Low Storage Alarm
AlarmDescription: This alarm is triggered when RDS storage is lower than or equal to 5GB
ActionsEnabled: true
OKActions: []
AlarmActions:
- arn:aws:sns:ap-northeast-1:1234567890:stg1-init-AlertTopic-1WPRQT95IHBJZ
InsufficientDataActions: []
MetricName: FreeStorageSpace
Namespace: AWS/RDS
Statistic: Average
Dimensions:
- Name: DBInstanceIdentifier
Value: xxx1blsxxxxel
Period: 60
EvaluationPeriods: 1
DatapointsToAlarm: 1
Threshold: 5368709120
ComparisonOperator: LessThanOrEqualToThreshold
TreatMissingData: missing
我发现了几篇类似 this 的文章,其中解释了如上所述的警报创建。但我没有找到有关 IAM 事物的信息。
更新: 我在主 cfn 模板中创建的 SNS 警报主题默认具有以下访问策略。在这种情况下,仅仅创建上述警报就足够了吗?
{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__default_statement_ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"SNS:GetTopicAttributes",
"SNS:SetTopicAttributes",
"SNS:AddPermission",
"SNS:RemovePermission",
"SNS:DeleteTopic",
"SNS:Subscribe",
"SNS:ListSubscriptionsByTopic",
"SNS:Publish",
"SNS:Receive"
],
"Resource": "arn:aws:sns:ap-northeast-1:333333333333:stg1-init-AlertTopic-1WPRQT95IHBJZ",
"Condition": {
"StringEquals": {
"AWS:SourceOwner": "333333333333"
}
}
}
]
}
最佳答案
Do I need to create any kind of IAM role for the RDS?
不适用于 RDS。但SQS主题必须有special policy for that 。一个例子是(根据您的设置,也许默认策略也足够了):
{
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:us-east-2:444455556666:MyTopic",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:cloudwatch:us-east-2:111122223333:alarm:*"
}
}
}
]
}
关于amazon-web-services - AWS 云信息 : Does CloudWatch Alarm for RDS needs IAM role?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/69734205/