3

我是 CloudFormation 的新手,目前正在尝试将S3:ObjectCreated发送到特定的SQS Queue

该设置位于无服务器框架中,并在 CloudFormation 中定义了资源。问题在于具有 QueueConfigurations 的NotificationConfiguration错误后不断给出错误。

在线查看 CloudFormation Designer 时,以下语法似乎是正确的:

  iamRoleStatements:
    - Effect: Allow
      Action:
        - s3:ListBucket
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:s3:::"
            - Ref: LabelBucket

    - Effect: Allow
      Action:
        - s3:GetObject
        - s3:PutObject
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:s3:::"
            - Ref: LabelBucket
            - "/*"

    - Effect: Allow
      Action:
        - SQS:SendMessage
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:s3:::"
            - Ref: LabelBucket

resources:
  Resources:
    LabelRequestQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: label-generate-request

    LabelResponseQueue:
      Type: AWS::SQS::Queue
      Properties:
        QueueName: label-generate-response

    LabelBucket:
      Type: AWS::S3::Bucket
      DependsOn:
          - LabelResponseQueue
      Properties:
        BucketName: generation-bucket
        NotificationConfiguration:
          QueueConfigurations:
            - Event: 's3:ObjectCreated:Put'
              Queue: 'arn:aws:sqs:eu-west-1:539106611526:label-generate-response'

此资源的确切错误是:

An error occurred: CarrierLabelBucket - Unable to validate the following destination configurations (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument; Request ID: 12A3D93761EFFEAD; S3 Extended Request ID: Zfk2XKEKHhqtafaiFvrcpzyO8nHB6qOJs4gqJXpkOyhxSMgDTsUzZ0lQnYIrTEr2SVHhgMHw0ds=).
4

4 回答 4

1

尼克的最后一个答案实际上是正确的。

如果-并且何时-您设置了资源 S3 Bucket + SQS Queue + Policy,它将起作用。

我是这样做的:

resources:
  Resources:
    MyBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.settings.s3_bucket}
        NotificationConfiguration:
          QueueConfigurations:
            - Event: s3:ObjectCreated:Put
              Queue: "arn:aws:sqs:#{AWS::Region}:#{AWS::AccountId}:${self:custom.settings.transmit_queue}"
      DependsOn : SQSQueuePolicy

    TransmitQueue:
      Type: "AWS::SQS::Queue"
      Properties:
        QueueName: ${self:custom.settings.transmit_queue}

    SQSQueuePolicy:
      Type: AWS::SQS::QueuePolicy
      Properties:
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal:
                AWS: "*"
              Action: SQS:SendMessage
              Resource: "*"
              Condition:
                ArnLike:
                  aws:SourceArn: "arn:aws:s3:::${self:custom.settings.s3_bucket}"
        Queues:
          - Ref: TransmitQueue

找出这一点可能需要一些时间。问我怎么知道的。

于 2020-11-27T17:34:47.617 回答
0

您需要先将 SQS 策略添加到队列中,然后才能添加 S3 SQS 事件。

适用于 S3 事件的 Cloudformation SQS 策略

于 2020-08-20T09:00:13.290 回答
-1

您需要使用s3:CreatedObject:*请参阅https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations

于 2018-10-01T12:38:02.607 回答
-1

我已按照 AWS 文档中的说明在不同的部署中首先创建 SNS 主题。你可以在这里找到我的工作应用程序配置:

1. SNS 部署

https://github.com/drissamri/serverless-architecture/blob/master/infrastructure/serverless.yml

2. 应用部署(S3 通知)

https://github.com/drissamri/serverless-architecture/blob/master/application/serverless.yml

如果您使用的是无服务器框架,您还可以使用插件来隐藏所有必要的配置,并使用简化的配置,例如https://www.npmjs.com/package/@agiledigital/serverless-sns-sqs-lambda

于 2020-03-30T18:54:19.923 回答