5

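Here is my problem, aside from being new to AWS. I have been tasked with replicating a production site located in US-East-1 to US-West-2 for a DR site. I am having trouble creating SNS alerts. The following code comes from an AWS example and uses the policy from our JSON export. When I include it in my main PS script, I get the following error:

Error: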

    Set-SQSQueueAttribute : 参数 Policy 的值无效。
    在 line:37 char:5
    + Set-SQSQueueAttribute -QueueUrl $qURL -Attribute @{ Policy=$SNSpo ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (Amazon.PowerShe...AttributeCmdlet:SetSQSQueueAttributeCmdlet) [Set-SQSQueueAttribute], InvalidOperationException
    + FullyQualifiedErrorId : Amazon.SQS.AmazonSQSException,Amazon.PowerShell.Cmdlets.SQS.SetSQSQueueAttributeCmdlet

Code:

$qURL = New-SQSQueue -QueueName "Test-Queue"
$topicARN = New-SNSTopic -Name "Test-Topic" -Region "us-west-2"

$SNSpolicy = @"
{
     "Version": "2008-10-17",
     "Id": "__default_policy_ID",
     "Statement": [
          {
           "Sid": "__default_policy_ID",
           "Effect": "Allow",
           "Principal": {
                "AWS": "*"
          },
           "Action": [
                "SNS:Subscribe",
                "SNS:ListSubscriptionsByTopic",
                "SNS:DeleteTopic",
                "SNS:GetTopicAttributes",
                "SNS:Publish",
                "SNS:RemovePermission",
                "SNS:AddPermission",
                "SNS:Receive",
                "SNS:SetTopicAttributes"
           ],
           "Resource": "arn:aws:sqs:us-west-2:123456789012:Test-Queue",
           "Condition": {
                "StringEquals": {
                     "AWS:SourceOwner": $topicARN
                }
           }
     ]
}
"@

# set the policy
Set-SQSQueueAttribute -QueueUrl $qURL -Attribute @{ Policy=$SNSpolicy }
4

1 Answer

4

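I just ran the example that PowerShell gives with "Get-Help Set-SQSQueueAttribute -Detailed", and it worked without a problem.

Based on the PowerShell example working and the specific error you are receiving, this suggests that something is wrong with the specific policy you are passing in. I would pare your policy down until it works, then keep adding things incrementally until it breaks, to find out what it doesn't like.

Also: the Set-SQSQueueAttribute method only accepts up to 7 action parameters, and it does not accept any of the ones you mention in your code. The valid actions are: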

  • SendMessage
  • ReceiveMessage
  • DeleteMessage
  • ChangeMessageVisibility
  • GetQueueAttributes
  • GetQueueUrl

The difference I noticed between your example and the example below that worked for me is:

Working example code:

    "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "$topicarn"
          }
      }

Your code:

       "Condition": {
            "StringEquals": {
                 "AWS:SourceOwner": $topicARN
            }
       }

The example that worked for me:

$qurl = New-SQSQueue -QueueName "myQueue" -Region 'us-east-1' -AccessKey 'accesskey' -SecretKey 'secretkey'
$topicarn = New-SNSTopic -Name "myTopic"

$qarn = (Get-SQSQueueAttribute -QueueUrl $qurl -AttributeName "QueueArn").QueueARN

# construct the policy and inject arns
$policy = @"
{
  "Version": "2008-10-17",
  "Id": "$qarn/SQSPOLICY",
  "Statement": [
      {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "SQS:SendMessage",
      "Resource": "$qarn",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "$topicarn"
          }
      }
    }
  ]
}
"@

Set-SQSQueueAttribute -QueueUrl $qurl -Attribute @{ Policy=$policy }
Answered 2016-05-10T17:04:07.207
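
One way to follow the answer's advice of isolating what the Policy parameter rejects, before calling Set-SQSQueueAttribute: an offline check that the expanded policy string is still valid JSON, that its actions are SQS actions, and that a Principal of "*" is narrowed by an ArnEquals aws:SourceArn condition. This is an added example, not code from the question or the answer; Test-SqsQueuePolicy and the sample ARNs are assumptions made for illustration.

```powershell
# Added example. Test-SqsQueuePolicy is a hypothetical helper, not an AWS cmdlet.
function Test-SqsQueuePolicy {
    param([Parameter(Mandatory)][string]$PolicyJson)
    $problems = [System.Collections.Generic.List[string]]::new()
    try {
        $doc = $PolicyJson | ConvertFrom-Json -ErrorAction Stop
    } catch {
        $problems.Add("Not valid JSON: $($_.Exception.Message)")
        return $problems
    }
    foreach ($stmt in @($doc.Statement)) {
        foreach ($action in @($stmt.Action)) {
            # The answer notes that a queue policy does not accept the SNS:* actions.
            if ($action -notmatch '^sqs:') {
                $problems.Add("Sid '$($stmt.Sid)': '$action' is not an SQS action")
            }
        }
        # An open principal should be narrowed to the one topic allowed to send.
        $open = ($stmt.Principal -eq '*') -or ($stmt.Principal.AWS -eq '*')
        $sourceArn = $stmt.Condition.ArnEquals.'aws:SourceArn'
        if ($stmt.Effect -eq 'Allow' -and $open -and -not $sourceArn) {
            $problems.Add("Sid '$($stmt.Sid)': Principal '*' has no ArnEquals aws:SourceArn")
        }
    }
    return $problems
}

# Constructed sample ARNs (placeholder account id), so nothing here calls AWS.
$topicArn = 'arn:aws:sns:us-west-2:123456789012:Test-Topic'
$queueArn = 'arn:aws:sqs:us-west-2:123456789012:Test-Queue'
$head = '{"Statement":[{"Sid":"1","Effect":"Allow","Principal":"*","Resource":"' + $queueArn + '",'
$samples = [ordered]@{
    # What a here-string produces when the ARN variable is expanded without quotes.
    'unquoted ARN'    = $head + '"Action":"SQS:SendMessage","Condition":{"ArnEquals":{"aws:SourceArn":' + $topicArn + '}}}]}'
    'SNS action'      = $head + '"Action":"SNS:Publish"}]}'
    'scoped to topic' = $head + '"Action":"SQS:SendMessage","Condition":{"ArnEquals":{"aws:SourceArn":"' + $topicArn + '"}}}]}'
}
foreach ($name in $samples.Keys) {
    $found = @(Test-SqsQueuePolicy -PolicyJson $samples[$name])
    "{0}: {1}" -f $name, $(if ($found) { $found -join '; ' } else { 'OK' })
}
```

Only the last sample, which has the same shape as the policy in the answer, passes all three checks.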