amazon-web-services - AWS SQS 队列未接收来自 SNS 主题订阅的消息

标签 amazon-web-services aws-cloudformation amazon-sqs amazon-sns

在我的 cloudformation 模板中,我的 SQS 队列有以下内容:

OutputQueuePolicy:
  Type: AWS::SQS::QueuePolicy
  Properties:
    PolicyDocument:
      Statement:
        - Effect: "Allow"
          Principal: "*"
          Action:
            - "sqs:SendMessage"
          Resource:
            Fn::GetAtt: [OutputQueue, Arn]
          Condition:
            ArnEquals:
              aws:SourceArn: !Ref OutputTopic
            Bool:
              aws:SecureTransport: "false"
    Queues:
      - Ref: OutputQueue

OutputQueue:
  Type: AWS::SQS::Queue
  Properties:
    QueueName: isolation-change-output-queue
    RedriveAllowPolicy:
      redrivePermission: byQueue
      sourceQueueArns:
        - Fn::GetAtt: [OutputDeadLetterQueue, Arn]
    RedrivePolicy:
      deadLetterTargetArn:
        Fn::GetAtt: [OutputDeadLetterQueue, Arn]
      maxReceiveCount: 5

OutputDeadLetterQueuePolicy:
  Type: AWS::SQS::QueuePolicy
  Properties:
    PolicyDocument:
      Statement:
        - Effect: "Deny"
          Principal: "*"
          Action:
            - "sqs:SendMessage"
            - "sqs:ReceiveMessage"
          Resource: "*"
          Condition:
            Bool:
              aws:SecureTransport: "false"
    Queues:
      - Ref: OutputDeadLetterQueue

OutputDeadLetterQueue:
  Type: AWS::SQS::Queue
  Properties:
    QueueName: isolation-change-output-dead-letter-queue

这是我的 SNS 主题:

OutputTopicPolicy:
  Type: AWS::SNS::TopicPolicy
  Properties:
    PolicyDocument:
      Statement:
        - Sid: "Allow-SQS-to-receive-messages-from-topic"
          Effect: "Allow"
          Principal:
            Service: "sqs.amazonaws.com"
          Action: "sns:Publish"
          Resource:
            Ref: OutputTopic
          Condition:
            ArnEquals:
              "aws:SourceArn":
                Fn::GetAtt:
                  - OutputQueue
                  - Arn
    Topics:
      - Ref: OutputTopic

OutputTopic:
  Type: AWS::SNS::Topic
  Properties:
    TopicName: isolation-change-output-topic

OutputQueueSNSSubscription:
  Type: AWS::SNS::Subscription
  Properties:
    Endpoint:
      Fn::GetAtt: [OutputQueue, Arn]
    Protocol: "sqs"
    RedrivePolicy:
      deadLetterTargetArn:
        Fn::GetAtt: [OutputDeadLetterQueue, Arn]
    TopicArn: !Ref OutputTopic

我尝试通过 AWS SDK 将消息发布到该主题,但消息似乎没有进入队列。我没有收到任何错误,并且不确定我的 cloudformation 模板出了什么问题。

最佳答案

您的 Amazon SQS 队列需要访问策略,以允许 Amazon SNS 主题向 Amazon SQS 队列发送消息。

我部署了您的堆栈并将此策略添加到 SQS 队列中:

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sns.amazonaws.com"
      },
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:ap-southeast-2:111111111111:isolation-change-output-dead-letter-queue",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:ap-southeast-2:111111111111:isolation-change-output-topic"
        }
      }
    }
  ]
}

然后,我能够成功向 SNS 主题发送消息,并且该消息出现在 SQS 队列中。

该政策复制自:Subscribing an Amazon SQS queue to an Amazon SNS topic - Amazon Simple Notification Service

您需要向 OutputDeadLetterQueuePolicy 添加类似的策略。

关于amazon-web-services - AWS SQS 队列未接收来自 SNS 主题订阅的消息,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/75943660/

上一篇:amazon-web-services - 目标组上的实例运行状况不佳

下一篇:amazon-web-services - AWS CloudFormation – 如何在 !Sub 构造的字符串中包含伪参数?

相关文章:

amazon-web-services - 点击 websocket api 网关路由时出现问题

node.js - AWS Load Balancer,为 HTTPS 启用监听器并路由到 80

amazon-web-services - aws-sdk 403 对 Quicksight API 的 CORS 预检选项请求错误

amazon-web-services - 如何通过 CloudFormation 在不同 Fargate 任务中运行的 Consul 服务器将 Consul 代理加入 Consul 集群?

amazon-web-services - SAM 模板和 Cloudformation 模板之间的区别

java - SQS FIFO 使用 MessageGroupId 接收消息

amazon-web-services - 允许在无需身份验证的情况下通过 AWS 内的 VPC 访问 AWS S3 存储桶

amazon-web-services - 无法从此帐户的参数存储中获取参数(参数值)

spring - 如何为 Spring SQS 定制 Jackson 序列化器

python - 使用 Python 访问 Amazon Web Services SQS 队列

©2024 IT工具网  联系我们